Vulnerabilities > CVE-2019-6251
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
NONE Summary
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.
Vulnerable Configurations
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2019-B3AD0A302B.NASL description Rebase to latest stable branch 2.24. For details see 2.23 and 2.24 release notes : - https://www.webkitgtk.org/2018/11/22/webkitgtk2.23.1-released.html - https://www.webkitgtk.org/2019/01/08/webkitgtk2.23.2-released.html - https://www.webkitgtk.org/2019/01/14/webkitgtk2.23.3-released.html - https://www.webkitgtk.org/2019/02/14/webkitgtk2.23.90-released.html - https://www.webkitgtk.org/2019/02/20/webkitgtk2.23.91-released.html - https://www.webkitgtk.org/2019/03/06/webkitgtk2.23.92-released.html - https://www.webkitgtk.org/2019/03/13/webkitgtk2.24.0-released.html - https://www.webkitgtk.org/2019/04/09/webkitgtk2.24.1-released.html Security fix for CVE-2019-6251 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124067 published 2019-04-16 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124067 title Fedora 29 : webkit2gtk3 (2019-b3ad0a302b) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-b3ad0a302b. # include("compat.inc"); if (description) { script_id(124067); script_version("1.3"); script_cvs_date("Date: 2020/01/23"); script_cve_id("CVE-2019-6251"); script_xref(name:"FEDORA", value:"2019-b3ad0a302b"); script_name(english:"Fedora 29 : webkit2gtk3 (2019-b3ad0a302b)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Rebase to latest stable branch 2.24. For details see 2.23 and 2.24 release notes : - https://www.webkitgtk.org/2018/11/22/webkitgtk2.23.1-released.html - https://www.webkitgtk.org/2019/01/08/webkitgtk2.23.2-released.html - https://www.webkitgtk.org/2019/01/14/webkitgtk2.23.3-released.html - https://www.webkitgtk.org/2019/02/14/webkitgtk2.23.90-released.html - https://www.webkitgtk.org/2019/02/20/webkitgtk2.23.91-released.html - https://www.webkitgtk.org/2019/03/06/webkitgtk2.23.92-released.html - https://www.webkitgtk.org/2019/03/13/webkitgtk2.24.0-released.html - https://www.webkitgtk.org/2019/04/09/webkitgtk2.24.1-released.html Security fix for CVE-2019-6251 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-b3ad0a302b" ); script_set_attribute( attribute:"solution", value:"Update the affected webkit2gtk3 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:webkit2gtk3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/14"); script_set_attribute(attribute:"patch_publication_date", value:"2019/04/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/16"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC29", reference:"webkit2gtk3-2.24.1-1.fc29")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "webkit2gtk3"); }NASL family Fedora Local Security Checks NASL id FEDORA_2019-74F7603660.NASL description New version, fixes CVE-2019-6251 ---- New version Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124371 published 2019-04-30 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124371 title Fedora 29 : wpewebkit (2019-74f7603660) NASL family Fedora Local Security Checks NASL id FEDORA_2019-77433FC7F3.NASL description New version, fixes CVE-2019-6251 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124507 published 2019-05-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124507 title Fedora 30 : wpewebkit (2019-77433fc7f3) NASL family Fedora Local Security Checks NASL id FEDORA_2019-432B3DFF25.NASL description Rebase to latest stable branch 2.24. For details see 2.23 and 2.24 release notes : - https://www.webkitgtk.org/2018/11/22/webkitgtk2.23.1-released.html - https://www.webkitgtk.org/2019/01/08/webkitgtk2.23.2-released.html - https://www.webkitgtk.org/2019/01/14/webkitgtk2.23.3-released.html - https://www.webkitgtk.org/2019/02/14/webkitgtk2.23.90-released.html - https://www.webkitgtk.org/2019/02/20/webkitgtk2.23.91-released.html - https://www.webkitgtk.org/2019/03/06/webkitgtk2.23.92-released.html - https://www.webkitgtk.org/2019/03/13/webkitgtk2.24.0-released.html - https://www.webkitgtk.org/2019/04/09/webkitgtk2.24.1-released.html Security fix for CVE-2019-6251 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124285 published 2019-04-25 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124285 title Fedora 28 : webkit2gtk3 (2019-432b3dff25) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2196.NASL description According to the version of the webkitgtk3 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.(CVE-2019-6251) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-11-08 plugin id 130658 published 2019-11-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130658 title EulerOS 2.0 SP5 : webkitgtk3 (EulerOS-SA-2019-2196) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2197.NASL description According to the version of the webkitgtk4 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.(CVE-2019-6251) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-11-08 plugin id 130659 published 2019-11-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130659 title EulerOS 2.0 SP5 : webkitgtk4 (EulerOS-SA-2019-2197) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1391.NASL description This update for webkit2gtk3 to version 2.24.1 fixes the following issues : Security issues fixed : - CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292, CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-11070 (bsc#1132256). This update was imported from the SUSE:SLE-12-SP2:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 125019 published 2019-05-14 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125019 title openSUSE Security Update : webkit2gtk3 (openSUSE-2019-1391) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1199.NASL description According to the version of the webkitgtk4 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.(CVE-2019-6251) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-19 modified 2020-03-13 plugin id 134488 published 2020-03-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134488 title EulerOS Virtualization for ARM 64 3.0.2.0 : webkitgtk4 (EulerOS-SA-2020-1199) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1374.NASL description This update for webkit2gtk3 to version 2.24.1 fixes the following issues : Security issues fixed : - CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292, CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8518, CVE-2019-8523, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-11070 (bsc#1132256). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 124851 published 2019-05-13 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124851 title openSUSE Security Update : webkit2gtk3 (openSUSE-2019-1374) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201909-05.NASL description The remote host is affected by the vulnerability described in GLSA-201909-05 (WebkitGTK+: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details. Impact : An attacker, by enticing a user to visit maliciously crafted web content, may be able to execute arbitrary code or cause memory corruption. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 128594 published 2019-09-09 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128594 title GLSA-201909-05 : WebkitGTK+: Multiple vulnerabilities NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_3DD46E059FB011E9BF6500012E582166.NASL description The WebKitGTK project reports many vulnerabilities, including several arbitrary code execution vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 126519 published 2019-07-08 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126519 title FreeBSD : webkit2-gtk3 -- Multiple vulnerabilities (3dd46e05-9fb0-11e9-bf65-00012e582166) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3948-1.NASL description A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124115 published 2019-04-17 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124115 title Ubuntu 18.04 LTS / 18.10 : webkit2gtk vulnerabilities (USN-3948-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1155-1.NASL description This update for webkit2gtk3 to version 2.24.1 fixes the following issues : Security issues fixed : CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292, CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-11070 (bsc#1132256). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124674 published 2019-05-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124674 title SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2019:1155-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1137-1.NASL description This update for webkit2gtk3 to version 2.24.1 fixes the following issues : Security issues fixed : CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292, CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8518, CVE-2019-8523, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-11070 (bsc#1132256). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124645 published 2019-05-06 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124645 title SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2019:1137-1) NASL family Fedora Local Security Checks NASL id FEDORA_2019-D9A15BE3BA.NASL description - Do not allow changes in active URI before provisional load starts for non-API requests. - Stop the threaded compositor when the page is not visible or layer tree state is frozen. - Use WebKit HTTP source element again for adaptive streaming fragments downloading. - Properly handle empty resources in webkit_web_resource_get_data(). - Add quirk to ensure outlook.live.com uses the modern UI. - Fix methods returing GObject or boxed types in JavaScriptCore GLib API. - Ensure callback data is passed to functions and constructors with no parameters in JavaScriptCore GLib API. - Fix rendering of complex text when the font uses x,y origins. - Fix sound loop with Google Hangouts and WhatsApp notifications. - Fix the build with GStreamer 1.12.5 and GST GL enabled. - Detect SSE2 at compile time. - Fix several crashes and rendering issues. - Security fixes: CVE-2019-6251, CVE-2019-11070. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124544 published 2019-05-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124544 title Fedora 30 : webkit2gtk3 (2019-d9a15be3ba)
References
- https://gitlab.gnome.org/GNOME/epiphany/issues/532
- https://seclists.org/bugtraq/2019/Apr/21
- http://www.openwall.com/lists/oss-security/2019/04/11/1
- http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html
- https://usn.ubuntu.com/3948-1/
- https://trac.webkit.org/changeset/243434
- https://bugs.webkit.org/show_bug.cgi?id=194208
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html
- https://security.gentoo.org/glsa/201909-05
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNPI3R6QWDJBA5KNGA6QSMKYLY5RRHBZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LACVFU4MYYRPJ3IEA4UCN5KUEAGCCJ72/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UO3DIA54X7FOUWFZW5YXC2MZ6KNHG6SW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSCDI3635E37GL4BNJDRDT2KEUBDLGSO/