CVE-2010-0656

Published: Feb 18, 2010Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document.

Affected (49)

Products: Apple: Webkit · Google: Chrome

1 product

1 product

Configuration A

49 vulnerable

Vulnerable Software	Affected Versions
Apple Webkit	Up to r51280
Google Chrome	Up to 4.0.249.78
Google Chrome	Version 0.2.149.27
Google Chrome	Version 0.2.149.29
Google Chrome	Version 0.2.149.30
Google Chrome	Version 0.2.152.1
Google Chrome	Version 0.2.153.1
Google Chrome	Version 0.3.154.0
Google Chrome	Version 0.3.154.3
Google Chrome	Version 0.4.154.18
Google Chrome	Version 0.4.154.22
Google Chrome	Version 0.4.154.31
Google Chrome	Version 0.4.154.33
Google Chrome	Version 1.0.154.36
Google Chrome	Version 1.0.154.39
Google Chrome	Version 1.0.154.42
Google Chrome	Version 1.0.154.43
Google Chrome	Version 1.0.154.46
Google Chrome	Version 1.0.154.48
Google Chrome	Version 1.0.154.52
Google Chrome	Version 1.0.154.53
Google Chrome	Version 1.0.154.59
Google Chrome	Version 1.0.154.65
Google Chrome	Version 2.0.156.1
Google Chrome	Version 2.0.157.0
Google Chrome	Version 2.0.157.2
Google Chrome	Version 2.0.158.0
Google Chrome	Version 2.0.159.0
Google Chrome	Version 2.0.169.0
Google Chrome	Version 2.0.169.1
Google Chrome	Version 2.0.170.0
Google Chrome	Version 2.0.172.27
Google Chrome	Version 2.0.172.28
Google Chrome	Version 2.0.172.2
Google Chrome	Version 2.0.172.30
Google Chrome	Version 2.0.172.31
Google Chrome	Version 2.0.172.33
Google Chrome	Version 2.0.172.37
Google Chrome	Version 2.0.172.38
Google Chrome	Version 2.0.172.8
Google Chrome	Version 2.0.172
Google Chrome	Version 3.0.182.2
Google Chrome	Version 3.0.190.2
Google Chrome	Version 3.0.193.2 beta
Google Chrome	Version 3.0.195.21
Google Chrome	Version 3.0.195.24
Google Chrome	Version 3.0.195.32
Google Chrome	Version 3.0.195.33
Google Chrome	Version 4.0.244.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (38)

http://code.google.com/p/chromium/issues/detail?id=20450

Source: cve@mitre.org

http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html

Source: cve@mitre.org

Patch

http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Source: cve@mitre.org

http://secunia.com/advisories/41856

Source: cve@mitre.org

http://secunia.com/advisories/43068

Source: cve@mitre.org

http://securitytracker.com/id?1023506

Source: cve@mitre.org

http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs

Source: cve@mitre.org

Vendor Advisory

http://trac.webkit.org/changeset/51295

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2011:039

Source: cve@mitre.org

http://www.securityfocus.com/bid/38372

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-1006-1

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2010/2722

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2011/0212

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2011/0552

Source: cve@mitre.org

https://bugs.webkit.org/show_bug.cgi?id=31329

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14501

Source: cve@mitre.org

http://code.google.com/p/chromium/issues/detail?id=20450

Source: af854a3a-2127-422b-91ae-364da2661108

http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/41856

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/43068

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1023506

Source: af854a3a-2127-422b-91ae-364da2661108

http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://trac.webkit.org/changeset/51295

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2011:039

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/38372

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-1006-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/2722

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0212

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0552

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.webkit.org/show_bug.cgi?id=31329

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14501

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.