Vulnerability CVE-2008-7294 - CERT Civis.Net

Vulnerability Name:

CVE-2008-7294 (CCN-69294)

Assigned:

2011-08-05

Published:

2011-08-05

Updated:

2012-08-02

Summary:

Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P)
4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P/E:U/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Bypass Security

References:

Source: MISC
Type: UNKNOWN
http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies

Source: MITRE
Type: CNA
CVE-2008-7294

Source: MLIST
Type: UNKNOWN
[public-webapps] 20090918 fyi: Strict Transport Security specification

Source: MISC
Type: UNKNOWN
http://michael-coates.blogspot.com/2010/01/cookie-forcing-trust-your-cookies-no.html

Source: MISC
Type: UNKNOWN
http://scarybeastsecurity.blogspot.com/2008/11/cookie-forcing.html

Source: MISC
Type: UNKNOWN
http://scarybeastsecurity.blogspot.com/2011/02/some-less-obvious-benefits-of-hsts.html

Source: CCN
Type: Google Chrome Web site
Google Chrome

Source: CCN
Type: OSVDB ID: 74449
Google Chrome HTTPS Session HTTP Set-Cookie Header HSTS includeSubDomains Weakness MiTM Arbitrary Cookie Overwrite

Source: CCN
Type: Bugzilla@Mozilla Bug 660053
If a BUGLIST cookie is compromised, it can be used to XSS show_bug.cgi and inject HTML into

Source: MISC
Type: Patch
https://bugzilla.mozilla.org/show_bug.cgi?id=660053

Source: XF
Type: UNKNOWN
google-chrome-https-sec-bypass(69294)

Vulnerable Configuration:

Configuration 1:

cpe:/a:google:chrome:0.1.38.1:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.1.38.2:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.1.38.4:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.1.40.1:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.1.42.2:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.1.42.3:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.2.149.27:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.2.149.29:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.2.149.30:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.2.152.1:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.2.153.1:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.3.154.0:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.3.154.3:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.4.154.18:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.4.154.22:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.4.154.31:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.4.154.33:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.36:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.39:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.42:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.43:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.46:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.48:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.52:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.53:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.59:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.64:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.65:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.156.1:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.157.0:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.157.2:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.158.0:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.159.0:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.169.0:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.169.1:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.170.0:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.172:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.172.2:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.172.8:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.172.27:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.172.28:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.172.30:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.172.31:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.172.33:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.172.37:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.172.38:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:3.0.182.2:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:3.0.190.2:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:3.0.193.2:beta:*:*:*:*:*:*

OR cpe:/a:google:chrome:3.0.195.2:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:3.0.195.21:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:3.0.195.24:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:3.0.195.25:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:3.0.195.27:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:3.0.195.32:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:3.0.195.33:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:3.0.195.36:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:3.0.195.37:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:*:*:*:*:*:*:*:* (Version <= 3.0.195.38)

Configuration CCN 1:

cpe:/a:google:chrome:0.2.149.27:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.2.149.29:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.2.149.30:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.36:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.43:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.42:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.39:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.4.154.33:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.4.154.31:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.4.154.22:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.4.154.18:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.3.154.3:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.3.154.0:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.2.153.1:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.2.152.1:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.53:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.157.0:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.157.2:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.156.1:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.158.0:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.159.0:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.46:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.59:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.48:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.64:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.65:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.172.30:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:1.0.154.52:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.172:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.172.31:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.172.33:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.172.37:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.172.28:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:3.0.193.2:beta:*:*:*:*:*:*

OR cpe:/a:google:chrome:3.0.195.24:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.172.38:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.172.8:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.172.2:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.172.27:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:3.0.182.2:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:3.0.190.2:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.169.1:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.170.0:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:2.0.169.0:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:3.0.195.21:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:3.0.195.33:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:3.0.195.38:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:3.0.195.32:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.1.38.1:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.1.38.2:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.1.38.4:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.1.40.1:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.1.42.2:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:0.1.42.3:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:3.0.195.25:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:3.0.195.27:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:3.0.195.36:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:3.0.195.37:*:*:*:*:*:*:*

OR cpe:/a:google:chrome:3.0.195.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:26612	V	Allows man-in-the-middle attackers to overwrite or delete arbitrary cookies	2014-10-27