Vulnerability Details : CVE-2011-4692
WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi.
Exploit prediction scoring system (EPSS) score for CVE-2011-4692
Probability of exploitation activity in the next 30 days: 0.30%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 66 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-4692
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2011-4692
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-4692
-
http://lcamtuf.coredump.cx/cachetime/
Rapid history extraction through non-destructive cache timing (v8)Exploit
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14098
Repository / Oval Repository
-
http://oxplot.github.com/visipisi/visipisi.html
Site not found ยท GitHub PagesExploit
Products affected by CVE-2011-4692
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*