OVAL Reference oval:com.ubuntu.xenial:def:20103813000

Oval Definition:

oval:com.ubuntu.xenial:def:20103813000

Revision Date:	2010-11-22	Version:	1
Title:	CVE-2010-3813 on Ubuntu 16.04 LTS (xenial) - medium.
Description:	The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element, which allows remote attackers to bypass intended access restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2010-3813
Platform(s):	Ubuntu 16.04 LTS	Product(s):
Definition Synopsis
Ubuntu 16.04 LTS (xenial) is installed. AND Package Information NOT While related to the CVE in some way, the 'qt4-x11' package in xenial is not affected (note: 'webkit isn't built'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'no update available'). OR NOT While related to the CVE in some way, the 'webkitgtk' package in xenial is not affected (note: '2.4.9-2ubuntu2').