Vulnerability Name:

CVE-2011-4692 (CCN-71736)

Assigned:2011-12-06
Published:2011-12-06
Updated:2017-09-19
Summary:WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-264
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2011-4692

Source: MISC
Type: Exploit
http://lcamtuf.coredump.cx/cachetime/

Source: MISC
Type: Exploit
http://oxplot.github.com/visipisi/visipisi.html

Source: CCN
Type: SA47319
Apple Safari Cache Objects History Enumeration Weakness

Source: CCN
Type: The WebKit Open Source Project Web site
The WebKit Open Source Project

Source: CCN
Type: Apple Safari Web site
Apple Safari

Source: CCN
Type: Google Chrome Web site
Google Chrome

Source: CCN
Type: OSVDB ID: 77618
Apple Safari WebKit Cache Objects Image Handling Browsing History Disclosure

Source: CCN
Type: OSVDB ID: 77621
Google Chrome WebKit Cache Objects Image Handling Browsing History Disclosure

Source: CCN
Type: BID-51050
WebKit CVE-2011-4692 Image Handling Information Disclosure Vulnerability

Source: XF
Type: UNKNOWN
safari-webkit-cache-info-disc(71736)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:14098

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apple:safari:*:*:*:*:*:*:*:* (Version <= 5.1.1)
  • OR cpe:/a:apple:webkit:*:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:google:chrome:*:*:*:*:*:*:*:* (Version <= 15)

    • Configuration CCN 1:
  • cpe:/a:apple:webkit:*:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:15:*:*:*:*:*:*:*
  • OR cpe:/a:apple:safari:5.1.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:14098
    V
    		WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi.
    2014-04-07
    oval:com.ubuntu.precise:def:20114692000
    V
    		CVE-2011-4692 on Ubuntu 12.04 LTS (precise) - low.
    2011-12-07
    oval:com.ubuntu.xenial:def:201146920000000
    V
    		CVE-2011-4692 on Ubuntu 16.04 LTS (xenial) - low.
    2011-12-07
    oval:com.ubuntu.trusty:def:20114692000
    V
    		CVE-2011-4692 on Ubuntu 14.04 LTS (trusty) - low.
    2011-12-07
    oval:com.ubuntu.xenial:def:20114692000
    V
    		CVE-2011-4692 on Ubuntu 16.04 LTS (xenial) - low.
    2011-12-07
    BACK
    apple safari *
    apple webkit *
    google chrome *
    apple webkit *
    google chrome 15
    apple safari 5.1.1