← volver
CVE-2019-11070

CVE-2019-11070

EPSS 3.2%
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.htmlhttp://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.htmlhttps://bugs.webkit.org/show_bug.cgi?id=193718https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ/https://seclists.org/bugtraq/2019/Apr/21https://security.gentoo.org/glsa/201909-05https://trac.webkit.org/changeset/243197/webkithttps://usn.ubuntu.com/3948-1/http://www.openwall.com/lists/oss-security/2019/04/11/1