{"api_version":"1","generated_at":"2026-05-30T23:18:32+00:00","cve":"CVE-2017-5042","urls":{"html":"https://cve.report/CVE-2017-5042","api":"https://cve.report/api/cve/CVE-2017-5042.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-5042","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-5042"},"summary":{"title":"CVE-2017-5042","description":"Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent.","state":"PUBLISHED","assigner":"Chrome","published_at":"2017-04-24 23:59:00","updated_at":"2025-04-20 01:37:25"},"problem_types":["CWE-311","insufficient policy enforcement"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"5.7","severity":"MEDIUM","vector":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"3.3","severity":"","vector":"AV:A/AC:L/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:P/I:N/A:N","baseScore":3.3,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.securityfocus.com/bid/96767","name":"http://www.securityfocus.com/bid/96767","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Google Chrome Prior to 57.0.2987.98 Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0499.html","name":"http://rhn.redhat.com/errata/RHSA-2017-0499.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/201704-02","name":"https://security.gentoo.org/glsa/201704-02","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Chromium: Multiple vulnerabilities (GLSA 201704-02) — Gentoo Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://crbug.com/671932","name":"https://crbug.com/671932","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"671932 - \n Security: non-interactive request forcing - \n \n chromium -\n \n \n Monorail","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2017/dsa-3810","name":"http://www.debian.org/security/2017/dsa-3810","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Debian -- Security Information -- DSA-3810-1 chromium-browser","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html","name":"https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Chrome Releases: Stable Channel Update for Desktop","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-5042","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5042","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android","version":"affected Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"5042","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"5042","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"5042","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"5042","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"5042","vulnerable":"1","versionEndIncluding":"57.0.2987.100","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"google","cpe5":"chrome","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"5042","vulnerable":"1","versionEndIncluding":"57.0.2987.75","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"google","cpe5":"chrome","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"5042","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"5042","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"5042","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_desktop","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"5042","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"5042","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_workstation","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2017-5042","qid":"710550","title":"Gentoo Linux Chromium Multiple Vulnerabilities (GLSA 201704-02)"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-05T14:47:44.398Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html"},{"name":"GLSA-201704-02","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"https://security.gentoo.org/glsa/201704-02"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://crbug.com/671932"},{"name":"DSA-3810","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2017/dsa-3810"},{"name":"96767","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/96767"},{"name":"RHSA-2017:0499","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2017-0499.html"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android","vendor":"n/a","versions":[{"status":"affected","version":"Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android"}]}],"datePublic":"2017-03-09T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent."}],"problemTypes":[{"descriptions":[{"description":"insufficient policy enforcement","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-01-04T19:57:01.000Z","orgId":"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28","shortName":"Chrome"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html"},{"name":"GLSA-201704-02","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"https://security.gentoo.org/glsa/201704-02"},{"tags":["x_refsource_CONFIRM"],"url":"https://crbug.com/671932"},{"name":"DSA-3810","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2017/dsa-3810"},{"name":"96767","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/96767"},{"name":"RHSA-2017:0499","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2017-0499.html"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@google.com","ID":"CVE-2017-5042","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android","version":{"version_data":[{"version_value":"Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"insufficient policy enforcement"}]}]},"references":{"reference_data":[{"name":"https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html","refsource":"CONFIRM","url":"https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html"},{"name":"GLSA-201704-02","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/201704-02"},{"name":"https://crbug.com/671932","refsource":"CONFIRM","url":"https://crbug.com/671932"},{"name":"DSA-3810","refsource":"DEBIAN","url":"http://www.debian.org/security/2017/dsa-3810"},{"name":"96767","refsource":"BID","url":"http://www.securityfocus.com/bid/96767"},{"name":"RHSA-2017:0499","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2017-0499.html"}]}}}},"cveMetadata":{"assignerOrgId":"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28","assignerShortName":"Chrome","cveId":"CVE-2017-5042","datePublished":"2017-04-24T23:00:00.000Z","dateReserved":"2017-01-02T00:00:00.000Z","dateUpdated":"2024-08-05T14:47:44.398Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2017-04-24 23:59:00","lastModifiedDate":"2025-04-20 01:37:25","problem_types":["CWE-311","insufficient policy enforcement"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:P/I:N/A:N","baseScore":3.3,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.5,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"57.0.2987.75","matchCriteriaId":"2B9559EF-FA8D-4452-BD04-243F0BD5389D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"57.0.2987.100","matchCriteriaId":"78D4802A-D418-48B0-AB99-B9F28C66F6C4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","matchCriteriaId":"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","matchCriteriaId":"9BBCD86A-E6C7-4444-9D74-F861084090F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E5ED5807-55B7-47C5-97A6-03233F4FBC3A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"5042","Ordinal":"1","Title":"CVE-2017-5042","CVE":"CVE-2017-5042","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"5042","Ordinal":"1","NoteData":"Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent.","Type":"Description","Title":"CVE-2017-5042"},{"CveYear":"2017","CveId":"5042","Ordinal":"2","NoteData":"2017-04-24","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"5042","Ordinal":"3","NoteData":"2018-01-04","Type":"Other","Title":"Modified"}]}}}