CVE-2019-6251

Impact:
Moderate
Public Date:
2018-09-11
CWE:
CWE-20
Bugzilla:
1667409: CVE-2019-6251 webkitgtk: processing maliciously crafted web content lead to URI spoofing

The MITRE CVE dictionary describes this issue as:

WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.

Find out more about CVE-2019-6251 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 4.3
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality None
Integrity Impact Low
Availability Impact None

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 8 webkit2gtk3 Under investigation
Red Hat Enterprise Linux 7 webkitgtk4 Under investigation
Red Hat Enterprise Linux 7 webkitgtk Under investigation
Red Hat Enterprise Linux 7 webkitgtk3 Under investigation
Red Hat Enterprise Linux 6 webkitgtk Under investigation
Last Modified

CVE description copyright © 2017, The MITRE Corporation