ID

VAR-200501-0149


CVE

CVE-2004-1199


TITLE

Apple Mac OS X Safari Denial of Service Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200501-220

DESCRIPTION

Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using JavaScript code that continuously creates nested arrays and then sorts the newly created arrays. Apple Safari Web Browser is prone to a vulnerability that may result in a browser crash. This issue is exposed when the browser performs an infinite JavaScript array sort operation. It is conjectured that this will only result in a denial of service and is not further exploitable to execute arbitrary code, though this has not been confirmed. Mac OS X is an operating system used on Mac machines, based on the BSD system. A denial of service vulnerability exists in Safari 1.2.4 on Mac OS X version 10.3.6.

Trust: 1.26

sources: NVD: CVE-2004-1199 // BID: 11759 // VULHUB: VHN-9629

AFFECTED PRODUCTS

vendor: apple, model: safari, scope: eq, version: 1.2.3

Trust: 1.9

vendor: apple, model: safari, scope: eq, version: 1.2.2

Trust: 1.9

vendor: apple, model: safari, scope: eq, version: 1.2.1

Trust: 1.9

vendor: apple, model: safari, scope: eq, version: 1.2

Trust: 1.9

vendor: apple, model: safari, scope: eq, version: 1.1

Trust: 1.9

vendor: apple, model: safari, scope: eq, version: 1.0

Trust: 1.9

vendor: apple, model: safari, scope: eq, version: beta2

Trust: 1.6

vendor: apple, model: safari beta, scope: eq, version: 2

Trust: 0.3

sources: BID: 11759 // CNNVD: CNNVD-200501-220 // NVD: CVE-2004-1199

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-1199
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200501-220
value: MEDIUM

Trust: 0.6

VULHUB: VHN-9629
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2004-1199
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-9629
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-9629 // CNNVD: CNNVD-200501-220 // NVD: CVE-2004-1199

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1199

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200501-220

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200501-220

EXTERNAL IDS

db: BID, id: 11759

Trust: 2.0

db: NVD, id: CVE-2004-1199

Trust: 1.7

db: CNNVD, id: CNNVD-200501-220

Trust: 0.7

db: FULLDISC, id: 20041125 MORE BROWSER FLAWS ON MACOSX: NESTED ARRAY SORT() LOOP STACK OVERFLOW EXCEPTION

Trust: 0.6

db: XF, id: 18282

Trust: 0.6

db: VULHUB, id: VHN-9629

Trust: 0.1

sources: VULHUB: VHN-9629 // BID: 11759 // CNNVD: CNNVD-200501-220 // NVD: CVE-2004-1199

REFERENCES

url: http://www.securityfocus.com/bid/11759

Trust: 1.7

url: http://lists.grok.org.uk/pipermail/full-disclosure/2004-november/029458.html

Trust: 1.7

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/18282

Trust: 1.1

url: http://xforce.iss.net/xforce/xfdb/18282

Trust: 0.6

url: http://www.apple.com/safari/

Trust: 0.3

url: /archive/1/382248

Trust: 0.3

sources: VULHUB: VHN-9629 // BID: 11759 // CNNVD: CNNVD-200501-220 // NVD: CVE-2004-1199

CREDITS

Discovery of the original issue is credited to Berend-Jan Wever. Marco Mella is credited with the discovery of the issue in the Safari browser.

Trust: 0.3

sources: BID: 11759

SOURCES

db: VULHUB, id: VHN-9629
db: BID, id: 11759
db: CNNVD, id: CNNVD-200501-220
db: NVD, id: CVE-2004-1199

LAST UPDATE DATE

2024-08-14T14:53:47.773000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-9629, date: 2017-07-11T00:00:00
db: BID, id: 11759, date: 2004-11-25T00:00:00
db: CNNVD, id: CNNVD-200501-220, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2004-1199, date: 2017-07-11T01:30:49.543

SOURCES RELEASE DATE

db: VULHUB, id: VHN-9629, date: 2005-01-10T00:00:00
db: BID, id: 11759, date: 2004-11-25T00:00:00
db: CNNVD, id: CNNVD-200501-220, date: 2005-01-10T00:00:00
db: NVD, id: CVE-2004-1199, date: 2005-01-10T05:00:00