Webkitgtk
CVE-2019-11070
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded.
AnalysisAI
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-19. WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. Affected products include: Webkitgtk, Wpewebkit Wpe Webkit. Version information: version 2.24.1.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi
An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.5), this vulnerability is remotely expl
An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi
An issue was discovered in certain Apple products. Rated medium severity (CVSS 6.5), this vulnerability is remotely expl
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products
An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. Rated high severity (CVSS 8.
A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. Ra
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. Rated high severity (CVSS 8.
A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. Rated high severity (CV
The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKi
An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authenticati
Same weakness CWE-19 – Data Processing Errors
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today