NVD

Id
23630  
Name
CVE-2015-1269  
Description
The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string that (1) ends in a . (dot) character or (2) is not entirely lowercase.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2015-06-26  
Modified Date
2016-12-30  
Seq
2015-1269  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
125522 23630 CVE-2015-1269 http://googlechromereleases.blogspot.com/2015/06/chrome-stable-update.html  View
125523 23630 CVE-2015-1269 openSUSE-SU-2015:1146  View
125524 23630 CVE-2015-1269 openSUSE-SU-2015:1872  View
125525 23630 CVE-2015-1269 RHSA-2015:1188  View
125526 23630 CVE-2015-1269 DSA-3315  View
125527 23630 CVE-2015-1269 75336  View
125528 23630 CVE-2015-1269 1032731  View
125529 23630 CVE-2015-1269 USN-2652-1  View
125530 23630 CVE-2015-1269 https://code.google.com/p/chromium/issues/detail?id=461481  View
125531 23630 CVE-2015-1269 https://codereview.chromium.org/1149753002  View
125532 23630 CVE-2015-1269 GLSA-201507-18  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
7960 JVNDB-2015-003280 Google Chrome の net/http/transport_security_state.cc の DecodeHSTSPreloadRaw 関数におけるアクセス制限を回避される脆弱性 Google Chrome の net/http/transport_security_state.cc の DecodeHSTSPreloadRaw 関数は、HSTS または HPKP のプリロードエントリの比較を行う前に DNS ホスト名を適切に正規化しないため、アクセス制限を回避される脆弱性が存在します。 CVE-2015-1269 78494 CVE-2015-1269 23630 4.3 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-003280.html 2015-06-22 2015-06-29 View