Unrated severityNVD Advisory· Published Apr 10, 2019· Updated Aug 4, 2024

CVE-2019-11070

Description

WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded.

Affected products

Apple Inc./Webkitinferred
Range: <2.24.1
osv-coords18 versions
pkg:rpm/opensuse/webkit2gtk3&distro=openSUSE%20Leap%2015.0 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20OpenStack%20Cloud%207
< 2.24.1-lp150.2.19.1+ 17 more
- (no CPE)range: < 2.24.1-lp150.2.19.1
- (no CPE)range: < 2.24.1-2.41.5
- (no CPE)range: < 2.24.1-2.41.5
- (no CPE)range: < 2.24.1-2.41.5
- (no CPE)range: < 2.24.1-3.24.1
- (no CPE)range: < 2.24.1-3.24.1
- (no CPE)range: < 2.24.1-2.41.5
- (no CPE)range: < 2.24.1-2.41.5
- (no CPE)range: < 2.24.1-2.41.5
- (no CPE)range: < 2.24.1-2.41.5
- (no CPE)range: < 2.24.1-2.41.5
- (no CPE)range: < 2.24.1-2.41.5
- (no CPE)range: < 2.24.1-2.41.5
- (no CPE)range: < 2.24.1-2.41.5
- (no CPE)range: < 2.24.1-2.41.5
- (no CPE)range: < 2.24.1-2.41.5
- (no CPE)range: < 2.24.1-2.41.5
- (no CPE)range: < 2.24.1-2.41.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.htmlmitrevendor-advisoryx_refsource_SUSE
lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.htmlmitrevendor-advisoryx_refsource_SUSE
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ/mitrevendor-advisoryx_refsource_FEDORA
security.gentoo.org/glsa/201909-05mitrevendor-advisoryx_refsource_GENTOO
usn.ubuntu.com/3948-1/mitrevendor-advisoryx_refsource_UBUNTU
packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.htmlmitrex_refsource_MISC
www.openwall.com/lists/oss-security/2019/04/11/1mitremailing-listx_refsource_MLIST
bugs.webkit.org/show_bug.cgimitrex_refsource_MISC
seclists.org/bugtraq/2019/Apr/21mitremailing-listx_refsource_BUGTRAQ
trac.webkit.org/changeset/243197/webkitmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000