Sign-up

ID

VAR-200411-0158


CVE

CVE-2004-0361


TITLE

apple's  Safari  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2004-000850

DESCRIPTION

The Javascript engine in Safari 1.2 and earlier allows remote attackers to cause a denial of service (segmentation fault) by creating a new Array object with a large size value, then writing into that array. for Exists in unspecified vulnerabilities.None. Apple Safari Web Browser is reported to be prone to a security vulnerability related to handling of large JavaScript arrays (with 99999999999999999999999 or 0x23000000 elements). By declaring such an array and then attempting to access it, it may be possible to cause a browser crash. This issue is likely due to memory corruption but it is not known if it could be further exploitable to execute arbitrary code. The Javascript engine of Safari 1.2 and earlier is vulnerable

Trust: 1.98

sources: NVD: CVE-2004-0361 // JVNDB: JVNDB-2004-000850 // BID: 9815 // VULHUB: VHN-8791

AFFECTED PRODUCTS

vendor:applemodel:safariscope:eqversion:1.1

Trust: 0.9

vendor:applemodel:safariscope:eqversion:1.0

Trust: 0.9

vendor:applemodel:safariscope:eqversion:beta2

Trust: 0.6

vendor:applemodel:safari betascope:eqversion:2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.3.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.3.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.8

Trust: 0.3

sources: BID: 9815 // CNNVD: CNNVD-200411-132

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-0361
value: MEDIUM

Trust: 1.0

NVD: CVE-2004-0361
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200411-132
value: MEDIUM

Trust: 0.6

VULHUB: VHN-8791
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2004-0361
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-8791
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-8791 // JVNDB: JVNDB-2004-000850 // CNNVD: CNNVD-200411-132 // NVD: CVE-2004-0361

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2004-000850 // NVD: CVE-2004-0361

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200411-132

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200411-132

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-8791

EXTERNAL IDS
db:NVDid:CVE-2004-0361
Trust: 3.6
db:BIDid:9815
Trust: 2.8
db:JVNDBid:JVNDB-2004-000850
Trust: 0.8
db:CNNVDid:CNNVD-200411-132
Trust: 0.7
db:XFid:15413
Trust: 0.6
db:BUGTRAQid:20040306 SAFARI JAVASCRIPT ARRAY OVERFLOW
Trust: 0.6
db:SEEBUGid:SSVID-77542
Trust: 0.1
db:EXPLOIT-DBid:23793
Trust: 0.1
db:VULHUBid:VHN-8791
Trust: 0.1
sources:
            
            
            VULHUB: VHN-8791 // 
            
            
            
            BID: 9815 // 
            
            
            
            JVNDB: JVNDB-2004-000850 // 
            
            
            
            CNNVD: CNNVD-200411-132 // 
            
            
            
            NVD: CVE-2004-0361

REFERENCES
url:http://www.securityfocus.com/bid/9815
Trust: 2.5
url:http://www.insecure.ws/article.php?story=2004021918172533
Trust: 2.5
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/15413
Trust: 1.9
url:http://marc.info/?l=bugtraq&m=107861828510106&w=2
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2004-0361
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/15413
Trust: 0.6
url:http://marc.theaimsgroup.com/?l=bugtraq&m=107861828510106&w=2
Trust: 0.6
url:http://www.apple.com/safari/
Trust: 0.3
url:/archive/1/356498
Trust: 0.3
url:http://marc.info/?l=bugtraq&m=107861828510106&w=2
Trust: 0.1
sources:
            
            
            VULHUB: VHN-8791 // 
            
            
            
            BID: 9815 // 
            
            
            
            JVNDB: JVNDB-2004-000850 // 
            
            
            
            CNNVD: CNNVD-200411-132 // 
            
            
            
            NVD: CVE-2004-0361

CREDITS
Discovery is credited to kang <kang@insecure.ws>.
Trust: 0.9
sources:
            
            
            BID: 9815 // 
            
            
            
            CNNVD: CNNVD-200411-132

SOURCES
db:VULHUBid:VHN-8791
db:BIDid:9815
db:JVNDBid:JVNDB-2004-000850
db:CNNVDid:CNNVD-200411-132
db:NVDid:CVE-2004-0361

LAST UPDATE DATE
2024-08-14T15:15:07.441000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-8791date:2017-07-11T00:00:00
db:BIDid:9815date:2009-07-12T03:06:00
db:JVNDBid:JVNDB-2004-000850date:2024-06-03T09:39:00
db:CNNVDid:CNNVD-200411-132date:2005-10-20T00:00:00
db:NVDid:CVE-2004-0361date:2017-07-11T01:30:06.043

SOURCES RELEASE DATE
db:VULHUBid:VHN-8791date:2004-11-23T00:00:00
db:BIDid:9815date:2004-03-06T00:00:00
db:JVNDBid:JVNDB-2004-000850date:2024-06-03T00:00:00
db:CNNVDid:CNNVD-200411-132date:2004-11-23T00:00:00
db:NVDid:CVE-2004-0361date:2004-11-23T05:00:00