fkie_cve-2013-6634
Vulnerability from fkie_nvd
Published
2013-12-07 00:55
Modified
2025-04-11 00:51
Severity ?
Summary
The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chrome | * | ||
| chrome | 31.0.1650.0 | ||
| chrome | 31.0.1650.2 | ||
| chrome | 31.0.1650.3 | ||
| chrome | 31.0.1650.4 | ||
| chrome | 31.0.1650.5 | ||
| chrome | 31.0.1650.6 | ||
| chrome | 31.0.1650.7 | ||
| chrome | 31.0.1650.8 | ||
| chrome | 31.0.1650.9 | ||
| chrome | 31.0.1650.10 | ||
| chrome | 31.0.1650.11 | ||
| chrome | 31.0.1650.12 | ||
| chrome | 31.0.1650.13 | ||
| chrome | 31.0.1650.14 | ||
| chrome | 31.0.1650.15 | ||
| chrome | 31.0.1650.16 | ||
| chrome | 31.0.1650.17 | ||
| chrome | 31.0.1650.18 | ||
| chrome | 31.0.1650.19 | ||
| chrome | 31.0.1650.20 | ||
| chrome | 31.0.1650.22 | ||
| chrome | 31.0.1650.23 | ||
| chrome | 31.0.1650.25 | ||
| chrome | 31.0.1650.26 | ||
| chrome | 31.0.1650.27 | ||
| chrome | 31.0.1650.28 | ||
| chrome | 31.0.1650.29 | ||
| chrome | 31.0.1650.30 | ||
| chrome | 31.0.1650.31 | ||
| chrome | 31.0.1650.32 | ||
| chrome | 31.0.1650.33 | ||
| chrome | 31.0.1650.34 | ||
| chrome | 31.0.1650.35 | ||
| chrome | 31.0.1650.36 | ||
| chrome | 31.0.1650.37 | ||
| chrome | 31.0.1650.38 | ||
| chrome | 31.0.1650.39 | ||
| chrome | 31.0.1650.41 | ||
| chrome | 31.0.1650.42 | ||
| chrome | 31.0.1650.43 | ||
| chrome | 31.0.1650.44 | ||
| chrome | 31.0.1650.45 | ||
| chrome | 31.0.1650.46 | ||
| chrome | 31.0.1650.47 | ||
| chrome | 31.0.1650.48 | ||
| chrome | 31.0.1650.49 | ||
| chrome | 31.0.1650.50 | ||
| chrome | 31.0.1650.51 | ||
| chrome | 31.0.1650.52 | ||
| chrome | 31.0.1650.53 | ||
| chrome | 31.0.1650.54 | ||
| chrome | 31.0.1650.55 | ||
| chrome | 31.0.1650.57 | ||
| chrome | 31.0.1650.58 | ||
| chrome | 31.0.1650.59 | ||
| chrome | 31.0.1650.60 | ||
| chrome | 31.0.1650.61 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B166B1D-2593-4AC1-B6B7-136821A6C742",
"versionEndIncluding": "31.0.1650.62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ECE0CD4B-7AF0-408C-A0A4-5C1BF99DCC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8E419AD3-959E-4CBE-AA82-6FF50ADA5F7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6BB7361C-D835-4EA4-A02A-517A88235E48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9B8FBD4F-A625-4481-ACC3-11D1EC38E61F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.5:*:*:*:*:*:*:*",
"matchCriteriaId": "54CE56C0-FEBB-4B88-B492-7F4834F1E7D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B7C5BFB2-1662-40C8-91F3-BAADA15BBDB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1591A0BA-598A-4B52-990B-D897D0717659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2399FF12-3C99-4822-9C7F-ACE21A75B07D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0A0F6EDE-7B69-4522-880B-5D384BA165B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7F05FCCF-7EF3-4AE8-9699-C59716B64FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2ABC4ED3-D2F4-49E4-917C-14CBD4B48217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DACE52-4FEE-46DB-8A3E-453927346324",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.13:*:*:*:*:*:*:*",
"matchCriteriaId": "BBB25316-F742-489F-982A-F2E93CC2A991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.14:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCDDE4F-1AFF-47BB-AEED-1162557C3ED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7DC97D41-FC3F-4257-ADCF-A18CE16BD123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.16:*:*:*:*:*:*:*",
"matchCriteriaId": "08BB30B1-5D2B-4BF0-A9B2-E9DA58DB4421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7D94E9E7-694E-4D4D-87E3-C599BF0D34E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.18:*:*:*:*:*:*:*",
"matchCriteriaId": "95693DB4-F3A3-4E9B-81BC-9659DC28266F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.19:*:*:*:*:*:*:*",
"matchCriteriaId": "543A3EED-3B52-4F32-91CB-CE519502DAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.20:*:*:*:*:*:*:*",
"matchCriteriaId": "EA826854-B16A-4F3B-9B45-B20967C398CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.22:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5EBF2E-E025-4F7F-8B59-E898526509CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.23:*:*:*:*:*:*:*",
"matchCriteriaId": "57710E9D-5ACE-43B8-87E9-B62FE8602316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2094C58D-F541-4622-8A85-0F29E8FA2C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.26:*:*:*:*:*:*:*",
"matchCriteriaId": "170A2964-5947-4DDB-8AE2-C919BEF38DF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.27:*:*:*:*:*:*:*",
"matchCriteriaId": "095EF1A2-A17B-4D1D-A314-770757DBC77F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.28:*:*:*:*:*:*:*",
"matchCriteriaId": "15659D3B-13DB-447D-B680-3CBA8A153B10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.29:*:*:*:*:*:*:*",
"matchCriteriaId": "206DDB27-676F-4373-A0CC-762C9F593E77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.30:*:*:*:*:*:*:*",
"matchCriteriaId": "CDE66FCD-C9F5-4341-983A-BED55E80C3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.31:*:*:*:*:*:*:*",
"matchCriteriaId": "7E32F32F-BEFA-41E2-B77E-576662A36A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.32:*:*:*:*:*:*:*",
"matchCriteriaId": "73CC0102-E20D-479C-AF93-1DBCD0052B10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.33:*:*:*:*:*:*:*",
"matchCriteriaId": "CA262B88-A7F0-4F27-A002-7CFFF097D95E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.34:*:*:*:*:*:*:*",
"matchCriteriaId": "B6D23D07-42C3-49E6-B381-E4F8F7392ADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.35:*:*:*:*:*:*:*",
"matchCriteriaId": "66941327-5BC4-4F22-920E-5A1E9A2A2234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.36:*:*:*:*:*:*:*",
"matchCriteriaId": "C01B6CFF-9602-4D81-BCB0-49F584B55AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.37:*:*:*:*:*:*:*",
"matchCriteriaId": "1DC5025C-3FEC-4C14-B785-5B3B8E093BC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.38:*:*:*:*:*:*:*",
"matchCriteriaId": "1FB6E22F-B320-449C-97A2-EB8BFB54B73E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.39:*:*:*:*:*:*:*",
"matchCriteriaId": "C13D619A-70FA-4C77-8603-6EEA8F6193D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.41:*:*:*:*:*:*:*",
"matchCriteriaId": "32059BF8-EF17-41C1-A0FC-39B41E775F3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.42:*:*:*:*:*:*:*",
"matchCriteriaId": "6636E503-0532-4E10-881E-C3E929CE5B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.43:*:*:*:*:*:*:*",
"matchCriteriaId": "4C2259D6-6B9F-4625-9E69-CD157748ABBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.44:*:*:*:*:*:*:*",
"matchCriteriaId": "2C9F265B-5685-445B-9EEB-546849AD9272",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.45:*:*:*:*:*:*:*",
"matchCriteriaId": "18F7A611-76FC-4AE4-8D5A-F7E75270FDA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.46:*:*:*:*:*:*:*",
"matchCriteriaId": "F2AF9C17-46A4-46F4-9D22-217EDE0AFAF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.47:*:*:*:*:*:*:*",
"matchCriteriaId": "8E2FC44E-D049-42B0-AD76-172C1ED06D41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.48:*:*:*:*:*:*:*",
"matchCriteriaId": "6FCCB144-4569-4B53-9DE5-A5530135D6E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.49:*:*:*:*:*:*:*",
"matchCriteriaId": "2F37CEA3-76DF-4B01-BC5A-9DBC9C107C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.50:*:*:*:*:*:*:*",
"matchCriteriaId": "699343EA-5C96-4ADB-AADE-3490197DFD8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.51:*:*:*:*:*:*:*",
"matchCriteriaId": "CABE41D1-D7F1-417C-80D3-80C404BD9546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.52:*:*:*:*:*:*:*",
"matchCriteriaId": "C71B69CB-3D77-4931-9E3B-9225B7B63EC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.53:*:*:*:*:*:*:*",
"matchCriteriaId": "A1ED428E-3403-4363-A7B1-A68E65CF7A17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.54:*:*:*:*:*:*:*",
"matchCriteriaId": "C05E5233-03DE-425F-8328-106E52FDEF6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.55:*:*:*:*:*:*:*",
"matchCriteriaId": "61B4CB82-9609-4C90-8FC6-8BCC147B456F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.57:*:*:*:*:*:*:*",
"matchCriteriaId": "8E1FDF34-2EB9-4FD7-AD77-026AE6D797AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.58:*:*:*:*:*:*:*",
"matchCriteriaId": "9B695203-6850-49BC-BAA8-A91E4350A713",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.59:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1CB211-10B1-4133-89E2-E3F9B4BA2FA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.60:*:*:*:*:*:*:*",
"matchCriteriaId": "F1088A37-81E0-4BAA-917A-047DA78B4144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:31.0.1650.61:*:*:*:*:*:*:*",
"matchCriteriaId": "CB910D57-F102-4F8D-9A94-5A4DD30EF177",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code."
},
{
"lang": "es",
"value": "La funci\u00f3n OneclickSigninHelper::ShowInfoBarIfPossible en browser/ui/sync/one_click_signin_helper.cc en Google Chrome anteriores a 31.0.1650.63 utiliza una URL incorrecta durante validaci\u00f3n del reino (realm), lo cual permite a atacantes efectuar ataques de fijaci\u00f3n de sesi\u00f3n y secuestro de sesiones web mediante sincronizaciones inadecuadas despu\u00e9s de un status code HTTP de 302 (tambi\u00e9n conocido como \"Found\")."
}
],
"id": "CVE-2013-6634",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-07T00:55:03.820",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00090.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00096.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/56217"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2013/dsa-2811"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1029442"
},
{
"source": "cve@mitre.org",
"url": "https://code.google.com/p/chromium/issues/detail?id=307159"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://src.chromium.org/viewvc/chrome?revision=236563\u0026view=revision"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00090.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/56217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2811"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1029442"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://code.google.com/p/chromium/issues/detail?id=307159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://src.chromium.org/viewvc/chrome?revision=236563\u0026view=revision"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…