Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-5042


Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent.


Published

2017-04-24T23:59:00.597

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 5.7 (MEDIUM)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

6.5

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-311

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application google chrome ≤ 57.0.2987.75 Yes
Operating System apple macos - No
Operating System linux linux_kernel - No
Operating System microsoft windows - No
Application google chrome ≤ 57.0.2987.100 Yes
Operating System google android - No
Operating System redhat enterprise_linux_desktop 6.0 Yes
Operating System redhat enterprise_linux_server 6.0 Yes
Operating System redhat enterprise_linux_workstation 6.0 Yes
Operating System debian debian_linux 8.0 Yes
Operating System debian debian_linux 9.0 Yes

References