Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2009-3011
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-31 Aug, 2009 | 16:30
Updated At-17 Aug, 2017 | 01:31

Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and 3.0.193.2 Beta does not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: the JavaScript executes outside of the context of the HTTP site.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
Google LLC
google
>>chrome>>Versions up to 1.0.154.48(inclusive)
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>0.2.149.27
cpe:2.3:a:google:chrome:0.2.149.27:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>0.2.149.29
cpe:2.3:a:google:chrome:0.2.149.29:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>0.2.149.30
cpe:2.3:a:google:chrome:0.2.149.30:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>0.2.152.1
cpe:2.3:a:google:chrome:0.2.152.1:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>0.2.153.1
cpe:2.3:a:google:chrome:0.2.153.1:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>0.3.154.0
cpe:2.3:a:google:chrome:0.3.154.0:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>0.3.154.3
cpe:2.3:a:google:chrome:0.3.154.3:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>0.4.154.18
cpe:2.3:a:google:chrome:0.4.154.18:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>0.4.154.22
cpe:2.3:a:google:chrome:0.4.154.22:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>0.4.154.31
cpe:2.3:a:google:chrome:0.4.154.31:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>0.4.154.33
cpe:2.3:a:google:chrome:0.4.154.33:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>1.0.154.36
cpe:2.3:a:google:chrome:1.0.154.36:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>1.0.154.39
cpe:2.3:a:google:chrome:1.0.154.39:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>1.0.154.42
cpe:2.3:a:google:chrome:1.0.154.42:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>1.0.154.43
cpe:2.3:a:google:chrome:1.0.154.43:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>1.0.154.46
cpe:2.3:a:google:chrome:1.0.154.46:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>2.0.172.28
cpe:2.3:a:google:chrome:2.0.172.28:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>2.0.172.37
cpe:2.3:a:google:chrome:2.0.172.37:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>3.0.193.2
cpe:2.3:a:google:chrome:3.0.193.2:beta:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://websecurity.com.ua/3315/cve@mitre.org
Exploit
http://websecurity.com.ua/3386/cve@mitre.org
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/52998cve@mitre.org
N/A
Change History
0Changes found
Details not found