CVE-2015-1244: Detailed Vulnerability Analysis and Overview

Status: Modified - Last modified: 07-11-2023 Published: 19-04-2015

CVE-2015-1244
Vulnerability Scoring

5.0
/10

Attack Complexity Details

  • Attack Complexity: Low Impact
  • Attack Vector: NETWORK
  • Privileges Required: None

CIA Impact Definition

  • Confidentiality:
  • Integrity:
  • Availability:

CVE-2015-1244 Vulnerability Summary

The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for WebSocket traffic.

Access Complexity Graph for CVE-2015-1244

Impact Analysis for CVE-2015-1244

CVE-2015-1244: Detailed Information and External References

EPSS

0.00599

EPSS %

0.78888

References

0.00599

CWE

CWE-200

CAPEC

0.00599

Vulnerable Configurations