CVE-2015-2330 - Vulnerability Details

Vendors	Products
Webkitgtk	Webkitgtk

Link	Providers
http://www.openwall.com/lists/oss-security/2015/03/17/11
http://www.openwall.com/lists/oss-security/2015/03/18/4
https://bugs.webkit.org/show_bug.cgi?id=142244
https://nvd.nist.gov/vuln/detail/CVE-2015-2330
https://security.gentoo.org/glsa/201706-15
https://trac.webkit.org/changeset/181074
https://webkitgtk.org/security/WSA-2015-0002.html
https://www.cve.org/CVERecord?id=CVE-2015-2330

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-03-17T00:00:00", "descriptions": [{"lang": "en", "value": "Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://webkitgtk.org/security/WSA-2015-0002.html"}, {"name": "[oss-security] 20150317 CVE Request: WebKitGTK+ late TLS certificate verification", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/03/17/11"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.webkit.org/show_bug.cgi?id=142244"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://trac.webkit.org/changeset/181074"}, {"name": "GLSA-201706-15", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201706-15"}, {"name": "[oss-security] 20150318 Re: CVE Request: WebKitGTK+ late TLS certificate verification", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/03/18/4"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-2330", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://webkitgtk.org/security/WSA-2015-0002.html", "refsource": "CONFIRM", "url": "https://webkitgtk.org/security/WSA-2015-0002.html"}, {"name": "[oss-security] 20150317 CVE Request: WebKitGTK+ late TLS certificate verification", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/03/17/11"}, {"name": "https://bugs.webkit.org/show_bug.cgi?id=142244", "refsource": "CONFIRM", "url": "https://bugs.webkit.org/show_bug.cgi?id=142244"}, {"name": "https://trac.webkit.org/changeset/181074", "refsource": "CONFIRM", "url": "https://trac.webkit.org/changeset/181074"}, {"name": "GLSA-201706-15", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201706-15"}, {"name": "[oss-security] 20150318 Re: CVE Request: WebKitGTK+ late TLS certificate verification", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/03/18/4"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:10:16.133Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://webkitgtk.org/security/WSA-2015-0002.html"}, {"name": "[oss-security] 20150317 CVE Request: WebKitGTK+ late TLS certificate verification", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/03/17/11"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.webkit.org/show_bug.cgi?id=142244"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://trac.webkit.org/changeset/181074"}, {"name": "GLSA-201706-15", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201706-15"}, {"name": "[oss-security] 20150318 Re: CVE Request: WebKitGTK+ late TLS certificate verification", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/03/18/4"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-2330", "datePublished": "2017-03-10T02:00:00", "dateReserved": "2015-03-18T00:00:00", "dateUpdated": "2024-08-06T05:10:16.133Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2015-03-17T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-06-30T16:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://webkitgtk.org/security/WSA-2015-0002.html (string)

}

1 : { »

name : [oss-security] 20150317 CVE Request: WebKitGTK+ late TLS certificate verification (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : http://www.openwall.com/lists/oss-security/2015/03/17/11 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugs.webkit.org/show_bug.cgi?id=142244 (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://trac.webkit.org/changeset/181074 (string)

}

4 : { »

name : GLSA-201706-15 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : https://security.gentoo.org/glsa/201706-15 (string)

}

5 : { »

name : [oss-security] 20150318 Re: CVE Request: WebKitGTK+ late TLS certificate verification (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : http://www.openwall.com/lists/oss-security/2015/03/18/4 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2015-2330 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://webkitgtk.org/security/WSA-2015-0002.html (string)

refsource : CONFIRM (string)

url : https://webkitgtk.org/security/WSA-2015-0002.html (string)

}

1 : { »

name : [oss-security] 20150317 CVE Request: WebKitGTK+ late TLS certificate verification (string)

refsource : MLIST (string)

url : http://www.openwall.com/lists/oss-security/2015/03/17/11 (string)

}

2 : { »

name : https://bugs.webkit.org/show_bug.cgi?id=142244 (string)

refsource : CONFIRM (string)

url : https://bugs.webkit.org/show_bug.cgi?id=142244 (string)

}

3 : { »

name : https://trac.webkit.org/changeset/181074 (string)

refsource : CONFIRM (string)

url : https://trac.webkit.org/changeset/181074 (string)

}

4 : { »

name : GLSA-201706-15 (string)

refsource : GENTOO (string)

url : https://security.gentoo.org/glsa/201706-15 (string)

}

5 : { »

name : [oss-security] 20150318 Re: CVE Request: WebKitGTK+ late TLS certificate verification (string)

refsource : MLIST (string)

url : http://www.openwall.com/lists/oss-security/2015/03/18/4 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T05:10:16.133Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://webkitgtk.org/security/WSA-2015-0002.html (string)

}

1 : { »

name : [oss-security] 20150317 CVE Request: WebKitGTK+ late TLS certificate verification (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : http://www.openwall.com/lists/oss-security/2015/03/17/11 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugs.webkit.org/show_bug.cgi?id=142244 (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://trac.webkit.org/changeset/181074 (string)

}

4 : { »

name : GLSA-201706-15 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : https://security.gentoo.org/glsa/201706-15 (string)

}

5 : { »

name : [oss-security] 20150318 Re: CVE Request: WebKitGTK+ late TLS certificate verification (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : http://www.openwall.com/lists/oss-security/2015/03/18/4 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2015-2330 (string)

datePublished : 2017-03-10T02:00:00 (string)

dateReserved : 2015-03-18T00:00:00 (string)

dateUpdated : 2024-08-06T05:10:16.133Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEC51BB0-52EB-4CE5-9E92-1B77CEEB13F0", "versionEndIncluding": "2.6.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies."}, {"lang": "es", "value": "Verificaci\u00f3n tard\u00eda del certificado TLS en WebKitGTK+ anterior a la versi\u00f3n 2.6.6 permite a atacantes remotos ver una solicitud HTTP segura, incluyendo, por ejemplo, cookies seguras."}], "id": "CVE-2015-2330", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-10T02:59:00.150", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/03/17/11"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/03/18/4"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "https://bugs.webkit.org/show_bug.cgi?id=142244"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201706-15"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://trac.webkit.org/changeset/181074"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://webkitgtk.org/security/WSA-2015-0002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/03/17/11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/03/18/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://bugs.webkit.org/show_bug.cgi?id=142244"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201706-15"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://trac.webkit.org/changeset/181074"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://webkitgtk.org/security/WSA-2015-0002.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:* (string)

matchCriteriaId : AEC51BB0-52EB-4CE5-9E92-1B77CEEB13F0 (string)

versionEndIncluding : 2.6.5 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies. (string)

}

1 : { »

lang : es (string)

value : Verificación tardía del certificado TLS en WebKitGTK+ anterior a la versión 2.6.6 permite a atacantes remotos ver una solicitud HTTP segura, incluyendo, por ejemplo, cookies seguras. (string)

}

]

id : CVE-2015-2330 (string)

lastModified : 2025-04-20T01:37:25.860 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : true (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2017-03-10T02:59:00.150 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://www.openwall.com/lists/oss-security/2015/03/17/11 (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://www.openwall.com/lists/oss-security/2015/03/18/4 (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Permissions Required (string)

]

url : https://bugs.webkit.org/show_bug.cgi?id=142244 (string)

}

3 : { »

source : cve@mitre.org (string)

url : https://security.gentoo.org/glsa/201706-15 (string)

}

4 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Release Notes (string)

1 : Vendor Advisory (string)

]

url : https://trac.webkit.org/changeset/181074 (string)

}

5 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://webkitgtk.org/security/WSA-2015-0002.html (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://www.openwall.com/lists/oss-security/2015/03/17/11 (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://www.openwall.com/lists/oss-security/2015/03/18/4 (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Permissions Required (string)

]

url : https://bugs.webkit.org/show_bug.cgi?id=142244 (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://security.gentoo.org/glsa/201706-15 (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Release Notes (string)

1 : Vendor Advisory (string)

]

url : https://trac.webkit.org/changeset/181074 (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://webkitgtk.org/security/WSA-2015-0002.html (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-295 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object