Wind River Support Network

HomeDefectsLIN5-13631
Fixed

LIN5-13631 : Security Advisory - qt - CVE-2012-5624

Created: Mar 3, 2013    Updated: Dec 19, 2017
Resolved Date: Jul 11, 2014
Previous ID: LIN3-20001
Found In Version: 5.0
Fix Version: 5.0.1.17
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.Per http://www.ubuntu.com/usn/USN-1723-1/

A security issue affects these releases of Ubuntu and its derivatives:
    Ubuntu 12.10
    Ubuntu 12.04 LTS
    Ubuntu 11.10
    Ubuntu 10.04 LTS


http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5624

Workaround

Unknown

Steps to Reproduce

Unknown

Other Downloads


Live chat
Online