The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of multiple domain names.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
History
07 Nov 2023, 02:19
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/69202 - | |
References | () http://secunia.com/advisories/59904 - | |
References | () http://www.debian.org/security/2014/dsa-3039 - | |
References | () https://code.google.com/p/chromium/issues/detail?id=398925 - | |
References | () http://www.securitytracker.com/id/1030732 - | |
References | () https://src.chromium.org/viewvc/chrome?revision=286598&view=revision - | |
References | () http://security.gentoo.org/glsa/glsa-201408-16.xml - | |
References | () http://googlechromereleases.blogspot.com/2014/08/chrome-for-ios-update.html - | |
References | () http://secunia.com/advisories/60798 - | |
References | () https://src.chromium.org/viewvc/chrome?revision=288435&view=revision - | |
References | () http://googlechromereleases.blogspot.com/2014/08/chrome-for-android-update.html - | |
References | () http://secunia.com/advisories/60685 - | |
References | () http://secunia.com/advisories/59693 - | |
References | () http://googlechromereleases.blogspot.com/2014/08/stable-channel-update.html - | |
References | () http://www.ietf.org/mail-archive/web/tls/current/msg13345.html - |
10 Nov 2022, 17:55
Type | Values Removed | Values Added |
---|---|---|
First Time |
Apple iphone Os
|
|
CWE | NVD-CWE-noinfo | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : unknown |
References | (SECUNIA) http://secunia.com/advisories/59904 - Broken Link, Third Party Advisory | |
References | (CONFIRM) http://googlechromereleases.blogspot.com/2014/08/chrome-for-android-update.html - Release Notes, Vendor Advisory | |
References | (SECUNIA) http://secunia.com/advisories/60685 - Broken Link, Third Party Advisory | |
References | (CONFIRM) http://googlechromereleases.blogspot.com/2014/08/stable-channel-update.html - Release Notes, Vendor Advisory | |
References | (CONFIRM) https://code.google.com/p/chromium/issues/detail?id=398925 - Exploit, Issue Tracking, Mailing List, Vendor Advisory | |
References | (SECUNIA) http://secunia.com/advisories/59693 - Broken Link, Third Party Advisory | |
References | (CONFIRM) http://googlechromereleases.blogspot.com/2014/08/chrome-for-ios-update.html - Release Notes, Vendor Advisory | |
References | (BID) http://www.securityfocus.com/bid/69202 - Broken Link, Third Party Advisory, VDB Entry | |
References | (SECTRACK) http://www.securitytracker.com/id/1030732 - Broken Link, Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/60798 - Broken Link, Third Party Advisory | |
CPE | cpe:2.3:o:google:android:*:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:* cpe:2.3:o:google:android:-:*:*:*:*:*:*:* |
Information
Published : 2014-08-13 04:57
Updated : 2023-12-10 11:31
NVD link : CVE-2014-3166
Mitre link : CVE-2014-3166
CVE.ORG link : CVE-2014-3166
JSON object : View
Products Affected
linux
- linux_kernel
- chrome
- android
apple
- mac_os_x
- iphone_os
microsoft
- windows
debian
- debian_linux
CWE