CVE-2011-4692

Published: Dec 7, 2011Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi.

Affected (3)

Products: Apple: Safari, Webkit · Google: Chrome

2 products

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apple Safari	Up to 5.1.1
Apple Webkit	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Up to 15

Related CWEs

References (6)

http://lcamtuf.coredump.cx/cachetime/

Source: cve@mitre.org

Exploit

http://oxplot.github.com/visipisi/visipisi.html

Source: cve@mitre.org

Exploit

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14098

Source: cve@mitre.org

http://lcamtuf.coredump.cx/cachetime/

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://oxplot.github.com/visipisi/visipisi.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14098

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.