CVE-2011-3061

CVSS V2 Medium 5.8 CVSS V3 None

Description

Google Chrome before 18.0.1025.142 does not properly check X.509 certificates before use of a SPDY proxy, which might allow man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.

Overview

CVE ID
CVE-2011-3061

Assigner
cve@mitre.org

Vulnerability Status
Analyzed

Published Version
2012-03-30T22:55:01

Last Modified Date
2020-04-14T15:13:32

Weakness Enumerations

CWE	URL
CWE-295	http://cwe.mitre.org/data/definitions/295.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:a:google:chrome::::::::	1	OR		18.0.1025.142

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:M/Au:N/C:P/I:P/A:N

Access Vector
NETWORK

Access Compatibility
MEDIUM

Authentication
NONE

Confidentiality Impact
PARTIAL

Integrity Impact
PARTIAL

Availability Impact
NONE

Base Score
5.8

Severity
MEDIUM

Exploitability Score
8.6

Impact Score
4.9

References

Reference URL	Reference Tags
http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html	Exploit Vendor Advisory
http://code.google.com/p/chromium/issues/detail?id=116398	Vendor Advisory
http://osvdb.org/80739	Broken Link
http://secunia.com/advisories/48618	Not Applicable
http://www.securitytracker.com/id?1026877	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/52762	Third Party Advisory VDB Entry
http://secunia.com/advisories/48691	Not Applicable
http://secunia.com/advisories/48763	Not Applicable
https://exchange.xforce.ibmcloud.com/vulnerabilities/74411	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14849	Third Party Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2011-3061
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3061

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 16:44:42				Added to TrackCVE