{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-27T15:58:03.496","vulnerabilities":[{"cve":{"id":"CVE-2017-5120","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-10-27T05:29:02.630","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial \"www.\" substring)."},{"lang":"es","value":"El uso incorrecto de redirecciones no coincidentes de www en la navegación por el explorador en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Mac, Windows y Linux y a la 61.0.3163.81 para Android, permitía que un atacante remoto degradase las peticiones HTTPS a HTTP mediante una página HTML manipulada. En otras palabras, Chrome podría transmitir texto en claro incluso aunque el usuario hubiese introducido una URL https. Esto se debe a un método alternativo mal diseñado para los casos en los que el nombre de dominio en una URL casi coincide con el nombre de dominio en un certificado del servidor X.509 (pero difiere en la subcadena \"www.\" inicial)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"61.0.3163.79","matchCriteriaId":"B97D9FB8-01EE-43BC-A2F5-878995E75A9A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","matchCriteriaId":"387021A0-AF36-463C-A605-32EA7DAC172E"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"61.0.3163.81","matchCriteriaId":"0EC32DC3-614B-43A4-B096-73D6D1AFEF99"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","matchCriteriaId":"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","matchCriteriaId":"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","matchCriteriaId":"9BBCD86A-E6C7-4444-9D74-F861084090F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E5ED5807-55B7-47C5-97A6-03233F4FBC3A"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3985","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/100610","source":"chrome-cve-admin@google.com"},{"url":"http://www.securitytracker.com/id/1039291","source":"chrome-cve-admin@google.com"},{"url":"https://access.redhat.com/errata/RHSA-2017:2676","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/718676","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201709-15","source":"chrome-cve-admin@google.com"},{"url":"http://www.debian.org/security/2017/dsa-3985","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/100610","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1039291","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:2676","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/718676","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201709-15","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}