ID

VAR-200512-0893


CVE

CVE-2005-4678


TITLE

Apple Safari Remote attack vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200512-827

DESCRIPTION

Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Safari is prone to a remote security vulnerability.

The problem is that the browser fails to show the correct URL in the status bar if an image control has been enclosed in a hyperlink and uses a form to specify the destination URL. This may cause a user to follow a link to a seemingly trusted website when in fact the browser opens a malicious website.

This is related to: SA17565

Example:

    <form action="[malicious site]">
      <a href="[trusted site]"><input type="image" src="[image]"></a>
    </form>

The weakness has been confirmed in version 2.0.2 (416.12). Other versions may also be affected.

SOLUTION: Do not follow links from untrusted sources.

PROVIDED AND/OR DISCOVERED BY: Reported in Safari by marc. Originally discovered in Internet Explorer and Opera by Claudio "Sverx".

OTHER REFERENCES: SA17565: http://secunia.com/advisories/17565/

Trust: 1.35

sources: NVD: CVE-2005-4678 // BID: 88907 // VULHUB: VHN-15886 // PACKETSTORM: 41622

AFFECTED PRODUCTS

vendor: apple, model: safari, scope: eq, version: 2.0.2

Trust: 1.9

sources: BID: 88907 // CNNVD: CNNVD-200512-827 // NVD: CVE-2005-4678

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-4678
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200512-827
value: MEDIUM

Trust: 0.6

VULHUB: VHN-15886
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2005-4678
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-15886
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-15886 // CNNVD: CNNVD-200512-827 // NVD: CVE-2005-4678

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-4678

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200512-827

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200512-827

EXTERNAL IDS

db: SECUNIA, id: 17618

Trust: 2.1

db: NVD, id: CVE-2005-4678

Trust: 2.0

db: CNNVD, id: CNNVD-200512-827

Trust: 0.7

db: BID, id: 88907

Trust: 0.4

db: VULHUB, id: VHN-15886

Trust: 0.1

db: PACKETSTORM, id: 41622

Trust: 0.1

sources: VULHUB: VHN-15886 // BID: 88907 // PACKETSTORM: 41622 // CNNVD: CNNVD-200512-827 // NVD: CVE-2005-4678

REFERENCES

url:http://secunia.com/advisories/17618

Trust: 2.0

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/17618/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/5289/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/advisories/17565/

Trust: 0.1

sources: VULHUB: VHN-15886 // BID: 88907 // PACKETSTORM: 41622 // CNNVD: CNNVD-200512-827 // NVD: CVE-2005-4678

CREDITS

Unknown

Trust: 0.3

sources: BID: 88907

SOURCES

db: VULHUB, id: VHN-15886
db: BID, id: 88907
db: PACKETSTORM, id: 41622
db: CNNVD, id: CNNVD-200512-827
db: NVD, id: CVE-2005-4678

LAST UPDATE DATE

2024-08-14T15:09:45.551000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-15886, date: 2008-09-05T00:00:00
db: BID, id: 88907, date: 2005-12-31T00:00:00
db: CNNVD, id: CNNVD-200512-827, date: 2006-02-01T00:00:00
db: NVD, id: CVE-2005-4678, date: 2008-09-05T20:57:31.017

SOURCES RELEASE DATE

db: VULHUB, id: VHN-15886, date: 2005-12-31T00:00:00
db: BID, id: 88907, date: 2005-12-31T00:00:00
db: PACKETSTORM, id: 41622, date: 2005-11-19T21:56:12
db: CNNVD, id: CNNVD-200512-827, date: 2005-12-31T00:00:00
db: NVD, id: CVE-2005-4678, date: 2005-12-31T05:00:00