04 Déc 2015
Vulnerability Details :
The CSPSource::hostMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts an x.y hostname as a match for a *.x.y pattern, which might allow remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a policy that was intended to be specific to subdomains.
Publish Date : 2015-12-05 Last Update Date : 2015-12-05
- CVSS Scores & Vulnerability Types
- Related OVAL Definitions
OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.
- Products Affected By CVE-2015-6785
- References For CVE-2015-6785
- Metasploit Modules Related To CVE-2015-6785
There are not any metasploit modules related to this vulnerability (Please visit www.metasploit.com for more information)