CVE-2011-4692

CVE Database · CVE-2011-4692

CVE-2011-4692

· N/AModified

CVSS v3.1

N/A

EPSS

1.21%

Published

Dec 7, 2011

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi.

Weaknesses (CWE)

CWE-264

Affected Products (3)

apple · safarivulnerable

apple · webkitvulnerable

google · chromevulnerable

References (6)

http://lcamtuf.coredump.cx/cachetime/

Exploit

http://oxplot.github.com/visipisi/visipisi.html

Exploit

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14098

http://lcamtuf.coredump.cx/cachetime/

Exploit

http://oxplot.github.com/visipisi/visipisi.html

Exploit

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14098

KEV Catalog EPSS Scores Vendors All CVEs