Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2016-5137

EPSS 1.01% · P77
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2016-5137

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. NOTE: this vulnerability is associated with a specification change after CVE-2016-1617 resolution.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Google Chrome Blink 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Google Chrome是美国谷歌(Google)公司开发的一款Web浏览器。Blink是美国谷歌(Google)公司和挪威欧朋(Opera Software)公司共同开发的一套浏览器排版引擎(渲染引擎)。 Google Chrome 52.0.2743.82之前的版本中使用的Blink中的CSP实现过程中的WebKit/Source/core/frame/csp/CSPSource.cpp文件中的‘CSPSource::schemeMatches’函数存在安全漏洞。远程攻击者可通过读取CSP报告利用该
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2016-5137

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2016-5137

登录查看更多情报信息。

Same Patch Batch · n/a · 2016-07-23 · 18 CVEs total

CVE-2016-5128Google Chrome Google V8 安全漏洞
CVE-2016-5136Google Chrome 释放后重用漏洞
CVE-2016-5135Google Chrome Blink 安全漏洞
CVE-2016-5134Google Chrome Proxy Auto-Config功能安全漏洞
CVE-2016-5133Google Chrome 安全漏洞
CVE-2016-5132Google Chrome 安全漏洞
CVE-2016-5131Google Chrome 资源管理错误漏洞
CVE-2016-5130Google Chrome content/renderer/history_controller.cc文件安全漏洞
CVE-2016-5129Google Chrome Google V8 安全漏洞
CVE-2016-1705Google Chrome 拒绝服务漏洞
CVE-2016-5127Google Chrome Blink 释放后重用漏洞
CVE-2016-1711Google Chrome Blink 安全漏洞
CVE-2016-1710Google Chrome Blink 安全漏洞
CVE-2016-1709Google Chrome ‘ByteArray::Get’方法基于堆的缓冲区溢出漏洞
CVE-2016-1708Google Chrome Extensions子系统拒绝服务漏洞
CVE-2016-1707Google Chrome 安全漏洞
CVE-2016-1706Google Chrome PPAPI 安全漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2016-5137

No comments yet

Leave a comment