QwikSec

Security Database

CVE

CWE

Training

CVE-2013-2853

Published: Jul 10, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline), which allows man-in-the-middle attackers to have an unspecified impact via vectors that trigger header truncation.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://code.google.com/p/chromium/issues/detail?id=244260

x_refsource_CONFIRM

http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=44b400c80726ee5d205a27730a0c846be656a071

x_refsource_CONFIRM

oval:org.mitre.oval:def:17033

vdb-entry

signature

x_refsource_OVAL

vendor-advisory

x_refsource_DEBIAN

http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html

x_refsource_CONFIRM

http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=f4f9f4948de5a59462e13ad712d7d9117238aeea

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.