CVE-2015-1269

Impact:
Moderate
Public Date:
2015-06-22
Bugzilla:
1234699: CVE-2015-1269 chromium-browser: Normalization error in HSTS/HPKP preload list

The MITRE CVE dictionary describes this issue as:

The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string that (1) ends in a . (dot) character or (2) is not entirely lowercase.

Find out more about CVE-2015-1269 from the MITRE CVE dictionary and NIST NVD.
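
The canonicalize-before-compare pattern behind the description above, as an added illustration (not Chromium's code and not part of the original advisory). The preload table, the function names and the `.test` hostnames are constructed assumptions.

```cpp
#include <algorithm>
#include <cctype>
#include <map>
#include <string>

// Constructed preload table (hostname -> include_subdomains); not Chromium's data.
static const std::map<std::string, bool> kPreload = {
    {"example.test", true},
    {"pinned.test", false},
};

// Lowercase ASCII letters and drop one trailing root dot, so that
// "Example.TEST." and "example.test" map to the same table key.
std::string CanonicalizeHost(std::string host) {
  std::transform(host.begin(), host.end(), host.begin(),
                 [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
  if (!host.empty() && host.back() == '.') host.pop_back();
  return host;
}

// Walk from the full name up through its parent domains; a parent only
// matches when its entry has include_subdomains set.
static bool Lookup(const std::string& host) {
  for (std::string::size_type pos = 0; pos != std::string::npos;) {
    const std::string name = host.substr(pos);
    auto it = kPreload.find(name);
    if (it != kPreload.end() && (pos == 0 || it->second)) return true;
    const auto dot = host.find('.', pos);
    pos = (dot == std::string::npos) ? dot : dot + 1;
  }
  return false;
}

// The flaw class described above: raw input compared against canonical keys.
bool IsPreloadedRaw(const std::string& host) { return Lookup(host); }

// Corrected form: canonicalize first, then compare.
bool IsPreloaded(const std::string& host) { return Lookup(CanonicalizeHost(host)); }
```

With the raw comparison, `example.test.` and `EXAMPLE.test` both miss the table even though they name a preloaded host; after canonicalization they match, and the `include_subdomains` rule is still applied to the canonical name.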

CVSS v2 metrics

Base Score 6.4
Base Metrics AV:N/AC:L/Au:N/C:P/I:P/A:N
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux Supplementary (v. 6) (chromium-browser) | RHSA-2015:1188 | 2015-06-25

CVE description copyright © 2017, The MITRE Corporation