CVE-2018-8383Authentication Bypass by Spoofing in Microsoft Edge

CWE-290Authentication Bypass by SpoofingCWE-20Improper Input Validation22 documents11 sources
Severity
8.1HIGHNVD
NVD4.3CNA4.3OSV4.3
EPSS
3.6%
top 12.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
WebkitgtkWpewebkit WPE WebkitGnome Epiphany+4 more
Timeline
PublishedAug 15
Latest updateMay 13

Description

A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8388.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

CVEListV5microsoft/microsoft_edge9 versions+8
NVDwebkitgtk/webkitgtk< 2.24.1
NVDwpewebkit/wpe_webkit< 2.24.1
NVDgnome/epiphany3.31.4
NVDopensuse/leap15.0, 42.3+1

Also affects: Fedora 28, 29, 30, Ubuntu Linux 18.04, 18.10

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

7
GHSA
GHSA-2g5m-5chx-p2ww: A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability2022-05-13
GHSA
GHSA-jw83-p6j3-cg9w: A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka "Microsoft Edge Spoofing Vulnerability2022-05-13
GHSA
GHSA-w36c-w6x2-gj2r: WebKitGTK and WPE WebKit prior to version 22022-05-13
CVEList
CVE-2019-6251: WebKitGTK and WPE WebKit prior to version 22019-01-14
OSV
CVE-2019-6251: WebKitGTK and WPE WebKit prior to version 22019-01-14

💥Exploits & PoCs

1
Exploit-DB
OPAC EasyWeb Five 5.7 - 'biblio' SQL Injection2018-10-02

📋Vendor Advisories

3
Debian
CVE-2019-6251: webkit2gtk - WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar s...2019
Red Hat
webkitgtk: processing maliciously crafted web content lead to URI spoofing2018-09-11
Microsoft
Microsoft Edge Spoofing Vulnerability2018-08-14

🕵️Threat Intelligence

7
Trendmicro
August Patch Tuesday: A Tale of Two Zero-Days2018-08-15
Trendmicro
August Patch Tuesday: A Tale of Two Zero-Days2018-08-15
Trendmicro
August Patch Tuesday: A Tale of Two Zero-Days2018-08-15
Trendmicro
August Patch Tuesday: A Tale of Two Zero-Days2018-08-15
Trendmicro
August Patch Tuesday: A Tale of Two Zero-Days2018-08-15

💬Community

1
Bugzilla
CVE-2019-6251 webkitgtk: processing maliciously crafted web content lead to URI spoofing2019-01-18
CVE-2018-8383 — Authentication Bypass by Spoofing | cvebase