Details of VAR-200508-0121

ID

VAR-200508-0121

CVE

CVE-2005-2594

TITLE

Apple Safari Web Browser Denial of service vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200508-182

DESCRIPTION

Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to cause a denial of service (crash) via certain Javascript, possibly involving a function that defines a handler for itself within the function body. Apple Safari Web Browser is prone to a vulnerability that may result in a browser crash. This issue is exposed when the browser performs certain JavaScript operations. The exact cause of this issue is currently unknown. This BID will be updated as further information is disclosed. This vulnerability allows remote attackers to crash affected Web browsers by causing an invalid memory access exception. Safari version 1.3 is reported susceptible to this issue. Other versions may also be affected. Safari is the default web browser on Mac OS X

Trust: 1.26

sources: NVD: CVE-2005-2594 // BID: 14528 // VULHUB: VHN-13803

AFFECTED PRODUCTS

vendor:

apple

model:

safari

scope:

version:

1.3

Trust: 1.9

sources: BID: 14528 // CNNVD: CNNVD-200508-182 // NVD: CVE-2005-2594

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-2594
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200508-182
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-13803
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2005-2594
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-13803
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-13803 // CNNVD: CNNVD-200508-182 // NVD: CVE-2005-2594

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-2594

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200508-182

TYPE

Design Error

Trust: 0.9

sources: BID: 14528 // CNNVD: CNNVD-200508-182

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-13803

EXTERNAL IDS

db:	BID	id:	14528	Trust: 2.0
db:	NVD	id:	CVE-2005-2594	Trust: 1.7
db:	CNNVD	id:	CNNVD-200508-182	Trust: 0.7
db:	BUGTRAQ	id:	20050809 APPLE SAFARI & JAVASCRIPT - KERN_INVALID_ADDRESS (0X0001)	Trust: 0.6
db:	EXPLOIT-DB	id:	26128	Trust: 0.1
db:	VULHUB	id:	VHN-13803	Trust: 0.1

sources: VULHUB: VHN-13803 // BID: 14528 // CNNVD: CNNVD-200508-182 // NVD: CVE-2005-2594

REFERENCES

url:	http://www.securityfocus.com/bid/14528	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/407702	Trust: 1.7
url:	http://www.apple.com/safari/	Trust: 0.3
url:	/archive/1/407702	Trust: 0.3

sources: VULHUB: VHN-13803 // BID: 14528 // CNNVD: CNNVD-200508-182 // NVD: CVE-2005-2594

CREDITS

Patrick Webster pwebster@ausgeo.com.au

Trust: 0.6

sources: CNNVD: CNNVD-200508-182

SOURCES

db:	VULHUB	id:	VHN-13803
db:	BID	id:	14528
db:	CNNVD	id:	CNNVD-200508-182
db:	NVD	id:	CVE-2005-2594

LAST UPDATE DATE

2024-08-14T14:00:34.787000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-13803	date:	2008-09-05T00:00:00
db:	BID	id:	14528	date:	2005-08-09T00:00:00
db:	CNNVD	id:	CNNVD-200508-182	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2005-2594	date:	2008-09-05T20:52:10.707

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-13803	date:	2005-08-17T00:00:00
db:	BID	id:	14528	date:	2005-08-09T00:00:00
db:	CNNVD	id:	CNNVD-200508-182	date:	2005-08-17T00:00:00
db:	NVD	id:	CVE-2005-2594	date:	2005-08-17T04:00:00