VDB
CVE-2015-1244
CVE-2015-1244
PUBLISHED
The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for WebSocket traffic.
EPSS 1.11% · 78.5th percentile
Risk Scores
EPSS Score
1.11%
78.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | oxide-qt | 0, 1.0.0~bzr437-0ubuntu1, 1.0.0~bzr452-0ubuntu1 |
| Ubuntu:14.04:LTS | chromium-browser | 31.0.1650.63-0ubuntu1~20131204.1, 33.0.1750.152-0ubuntu1~pkg995.1, 34.0.1847.116-0ubuntu2 |
Timeline
- Apr 19, 2015 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2015-1244 third-party-advisory
- https://code.google.com/p/chromium/issues/detail?id=455215 third-party-advisory
- https://chromium.googlesource.com/chromium/src/net/+/2359906c4fdfa9d44b045755d23fe5327c10e010 third-party-advisory
- http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html third-party-advisory
- https://ubuntu.com/security/notices/USN-2570-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2015-1244 third-party-advisory