Vulnerability Name: CVE-2010-1766 (CCN-60586)

Assigned: 2010-07-13
Published: 2010-07-13
Updated: 2013-02-07
Summary: Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
Vulnerability Type: CWE-189
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2010-1766

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-11011

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-11020

Source: SUSE
Type: UNKNOWN
SUSE-SR:2011:002

Source: SECUNIA
Type: Vendor Advisory
40557

Source: SECUNIA
Type: Vendor Advisory
41856

Source: SECUNIA
Type: Vendor Advisory
43068

Source: CONFIRM
Type: UNKNOWN
http://trac.webkit.org/changeset/56380

Source: CCN
Type: WebKit Web site
WebKit

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2011:039

Source: CCN
Type: OSVDB ID: 66480
WebKit WebCore websockets/WebSocketHandshake.cpp WebSocketHandshake::readServerHandshake Function Off-by-one Remote DoS

Source: CCN
Type: BID-41572
WebKit 'WebSocketHandshake::readServerHandshake()' Memory Corruption Vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-1006-1

Source: VUPEN
Type: Vendor Advisory
ADV-2010-1801

Source: VUPEN
Type: UNKNOWN
ADV-2010-2722

Source: VUPEN
Type: UNKNOWN
ADV-2011-0212

Source: VUPEN
Type: UNKNOWN
ADV-2011-0552

Source: CONFIRM
Type: UNKNOWN
https://bugs.webkit.org/show_bug.cgi?id=36339

Source: CCN
Type: Red Hat Bugzilla Bug 596494
(CVE-2010-1766) CVE-2010-1766 WebKit: off-by-one memory corruption flaw WebSocketHandshake::readServerHandshake()

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=596494

Source: XF
Type: UNKNOWN
webkit-websockethandshake-code-execution(60586)

Source: SUSE
Type: SUSE-SR:2011:002
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:digia:qt:*:*:*:*:*:*:*:* (Version <= 4.6.2)
  • OR cpe:/a:webkit:webkit:*:*:*:*:*:*:*:* (Version <= r56379)

Configuration CCN 1:
  • cpe:/a:apple:webkit:r56379:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
  Definition ID: oval:org.opensuse.security:def:20101766
  Class: V
  Title: CVE-2010-1766
  Last Modified: 2015-11-16