Sign-up

ID

VAR-200312-0239


CVE

CVE-2003-0975


TITLE

Apple Safari Web Browser Null character Cookie Stealing vulnerabilities

Trust: 0.6

sources: CNNVD: CNNVD-200312-021

DESCRIPTION

Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain. An issue has been discovered in Apple Safari, which may allow an attacker to steal cookie-based authentication credentials from a user of a vulnerable web browser. The problem is in the handling of NULL (%00) characters in URLs. This issue may only be exploited to steal cookies set for a domain, as opposed to cookies set for a specific host in that domain. Cookies set with the secure flag can be stolen if the attacker uses SSL. Apple Safari is a WEB browser based on the Apple system. Remote attackers can exploit this vulnerability to construct malicious URLs, lure users to visit them, and steal sensitive cookie information. If the Apple Safari browser loads the following URL for resolution: http://alive.znep.com\\%00www.passport.com/cgi-bin/cookies will cause the Apple Safari browser to connect to \"\\%00\" before host, but sends the cookie to the server based on the entire hostname. This problem can be used to steal the cookie information of a specific path, and through the specific path and SSL in the request URL, it can also steal the cookie information that uses the secure mark

Trust: 1.26

sources: NVD: CVE-2003-0975 // BID: 9065 // VULHUB: VHN-7800

AFFECTED PRODUCTS

vendor:applemodel:safariscope:eqversion:1.1

Trust: 1.9

vendor:applemodel:safariscope:eqversion:1.0

Trust: 1.9

vendor:applemodel:mac os xscope:eqversion:10.3.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.2.8

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.3.1

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.2.8

Trust: 1.6

vendor:applemodel:mac os serverscope:eqversion:x10.3.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.8

Trust: 0.3

sources: BID: 9065 // CNNVD: CNNVD-200312-021 // NVD: CVE-2003-0975

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-0975
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200312-021
value: MEDIUM

Trust: 0.6

VULHUB: VHN-7800
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2003-0975
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-7800
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-7800 // CNNVD: CNNVD-200312-021 // NVD: CVE-2003-0975

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0975

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200312-021

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200312-021

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-7800

EXTERNAL IDS
db:NVDid:CVE-2003-0975
Trust: 2.0
db:CNNVDid:CNNVD-200312-021
Trust: 0.7
db:XFid:7973
Trust: 0.6
db:BUGTRAQid:20031118 APPLE SAFARI 1.1 (V100)
Trust: 0.6
db:BIDid:9065
Trust: 0.4
db:VULHUBid:VHN-7800
Trust: 0.1
sources:
            
            
            VULHUB: VHN-7800 // 
            
            
            
            BID: 9065 // 
            
            
            
            CNNVD: CNNVD-200312-021 // 
            
            
            
            NVD: CVE-2003-0975

REFERENCES
url:http://docs.info.apple.com/article.html?artnum=61798
Trust: 1.7
url:http://lists.apple.com/mhonarc/security-announce/msg00042.html
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/7973
Trust: 1.1
url:http://marc.info/?l=bugtraq&m=106917674428552&w=2
Trust: 1.0
url:http://xforce.iss.net/xforce/xfdb/7973
Trust: 0.6
url:http://marc.theaimsgroup.com/?l=bugtraq&m=106917674428552&w=2
Trust: 0.6
url:http://docs.info.apple.com/article.html?artnum=120282
Trust: 0.3
url:/archive/1/344850
Trust: 0.3
url:/archive/1/344992
Trust: 0.3
url:/archive/1/345221
Trust: 0.3
url:http://marc.info/?l=bugtraq&m=106917674428552&w=2
Trust: 0.1
sources:
            
            
            VULHUB: VHN-7800 // 
            
            
            
            BID: 9065 // 
            
            
            
            CNNVD: CNNVD-200312-021 // 
            
            
            
            NVD: CVE-2003-0975

CREDITS
Austin Gilbert※ austin@breakingrobots.net
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200312-021

SOURCES
db:VULHUBid:VHN-7800
db:BIDid:9065
db:CNNVDid:CNNVD-200312-021
db:NVDid:CVE-2003-0975

LAST UPDATE DATE
2024-08-14T14:00:47.010000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-7800date:2017-07-11T00:00:00
db:BIDid:9065date:2009-07-12T00:56:00
db:CNNVDid:CNNVD-200312-021date:2006-06-15T00:00:00
db:NVDid:CVE-2003-0975date:2017-07-11T01:29:39.073

SOURCES RELEASE DATE
db:VULHUBid:VHN-7800date:2003-12-15T00:00:00
db:BIDid:9065date:2003-11-18T00:00:00
db:CNNVDid:CNNVD-200312-021date:2003-11-18T00:00:00
db:NVDid:CVE-2003-0975date:2003-12-15T05:00:00