CVE-2012-5624

The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html
http://lists.qt-project.org/pipermail/announce/2012-November/000014.html
http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71
http://secunia.com/advisories/52217	Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/12/04/8
http://www.ubuntu.com/usn/USN-1723-1
https://bugzilla.redhat.com/show_bug.cgi?id=883415
https://codereview.qt-project.org/#change%2C40034
http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html
http://lists.qt-project.org/pipermail/announce/2012-November/000014.html
http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71
http://secunia.com/advisories/52217	Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/12/04/8
http://www.ubuntu.com/usn/USN-1723-1
https://bugzilla.redhat.com/show_bug.cgi?id=883415
https://codereview.qt-project.org/#change%2C40034

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:digia:qt::::::::
	cpe:2.3:a:qt:qt:1.41:::::::*
	cpe:2.3:a:qt:qt:1.42:::::::*
	cpe:2.3:a:qt:qt:1.43:::::::*
	cpe:2.3:a:qt:qt:1.44:::::::*
	cpe:2.3:a:qt:qt:1.45:::::::*
	cpe:2.3:a:qt:qt:2.0.0:::::::*
	cpe:2.3:a:qt:qt:2.0.1:::::::*
	cpe:2.3:a:qt:qt:2.0.2:::::::*
	cpe:2.3:a:qt:qt:3.3.0:::::::*
	cpe:2.3:a:qt:qt:3.3.1:::::::*
	cpe:2.3:a:qt:qt:3.3.2:::::::*
	cpe:2.3:a:qt:qt:3.3.3:::::::*
	cpe:2.3:a:qt:qt:3.3.4:::::::*
	cpe:2.3:a:qt:qt:3.3.5:::::::*
	cpe:2.3:a:qt:qt:3.3.6:::::::*
	cpe:2.3:a:qt:qt:4.0.0:::::::*
	cpe:2.3:a:qt:qt:4.0.1:::::::*
	cpe:2.3:a:qt:qt:4.1.0:::::::*
	cpe:2.3:a:qt:qt:4.1.1:::::::*
	cpe:2.3:a:qt:qt:4.1.2:::::::*
	cpe:2.3:a:qt:qt:4.1.3:::::::*
	cpe:2.3:a:qt:qt:4.1.4:::::::*
	cpe:2.3:a:qt:qt:4.1.5:::::::*
	cpe:2.3:a:qt:qt:4.2.0:::::::*
	cpe:2.3:a:qt:qt:4.2.1:::::::*
	cpe:2.3:a:qt:qt:4.2.3:::::::*
	cpe:2.3:a:qt:qt:4.3.0:::::::*
	cpe:2.3:a:qt:qt:4.3.1:::::::*
	cpe:2.3:a:qt:qt:4.3.2:::::::*
	cpe:2.3:a:qt:qt:4.3.3:::::::*
	cpe:2.3:a:qt:qt:4.3.4:::::::*
	cpe:2.3:a:qt:qt:4.3.5:::::::*
	cpe:2.3:a:qt:qt:4.4.0:::::::*
	cpe:2.3:a:qt:qt:4.4.1:::::::*
	cpe:2.3:a:qt:qt:4.4.2:::::::*
	cpe:2.3:a:qt:qt:4.4.3:::::::*
	cpe:2.3:a:qt:qt:4.5.0:::::::*
	cpe:2.3:a:qt:qt:4.5.1:::::::*
	cpe:2.3:a:qt:qt:4.5.2:::::::*
	cpe:2.3:a:qt:qt:4.5.3:::::::*
	cpe:2.3:a:qt:qt:4.6.0:::::::*
	cpe:2.3:a:qt:qt:4.6.0:rc1::::::
	cpe:2.3:a:qt:qt:4.6.1:::::::*
	cpe:2.3:a:qt:qt:4.6.2:::::::*
	cpe:2.3:a:qt:qt:4.6.3:::::::*
	cpe:2.3:a:qt:qt:4.6.4:::::::*
	cpe:2.3:a:qt:qt:4.6.5:::::::*
	cpe:2.3:a:qt:qt:4.6.5:rc::::::
	cpe:2.3:a:qt:qt:4.7.0:::::::*
	cpe:2.3:a:qt:qt:4.7.1:::::::*
	cpe:2.3:a:qt:qt:4.7.2:::::::*
	cpe:2.3:a:qt:qt:4.7.3:::::::*
	cpe:2.3:a:qt:qt:4.7.4:::::::*
	cpe:2.3:a:qt:qt:4.7.5:::::::*
	cpe:2.3:a:qt:qt:4.7.6:::::::*
	cpe:2.3:a:qt:qt:4.7.6:rc::::::
	cpe:2.3:a:qt:qt:4.8.0:::::::*
	cpe:2.3:a:qt:qt:4.8.1:::::::*
	cpe:2.3:a:qt:qt:4.8.2:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:::::*
	cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:::::*
	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*

History

21 Nov 2024, 01:44

Type	Values Removed	Values Added
References	~~() http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html -~~	() http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html -
References	~~() http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html -~~	() http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html -
References	~~() http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html -~~	() http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html -
References	~~() http://lists.qt-project.org/pipermail/announce/2012-November/000014.html -~~	() http://lists.qt-project.org/pipermail/announce/2012-November/000014.html -
References	~~() http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71 -~~	() http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71 -
References	~~() http://secunia.com/advisories/52217 - Vendor Advisory~~	() http://secunia.com/advisories/52217 - Vendor Advisory
References	~~() http://www.openwall.com/lists/oss-security/2012/12/04/8 -~~	() http://www.openwall.com/lists/oss-security/2012/12/04/8 -
References	~~() http://www.ubuntu.com/usn/USN-1723-1 -~~	() http://www.ubuntu.com/usn/USN-1723-1 -
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=883415 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=883415 -
References	~~() https://codereview.qt-project.org/#change%2C40034 -~~	() https://codereview.qt-project.org/#change%2C40034 -

07 Nov 2023, 02:12

Type	Values Removed	Values Added
References	~~{'url': 'https://codereview.qt-project.org/#change,40034', 'name': 'https://codereview.qt-project.org/#change,40034', 'tags': [], 'refsource': 'CONFIRM'}~~	() https://codereview.qt-project.org/#change%2C40034 -

Information

Published : 2013-02-24 19:55

Updated : 2024-11-21 01:44

NVD link : CVE-2012-5624

Mitre link : CVE-2012-5624

CVE.ORG link : CVE-2012-5624

JSON object : View

Products Affected

canonical

ubuntu_linux

digia

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

4.3 /10