ID

VAR-200611-0426


CVE

CVE-2006-6015


TITLE

Buffer overflow vulnerability in Safari's JavaScript implementation

Trust: 0.8

sources: JVNDB: JVNDB-2006-001580

DESCRIPTION

Buffer overflow in the JavaScript implementation in Safari on Apple Mac OS X 10.4 allows remote attackers to cause a denial of service (application crash) via a long argument to the exec method of a regular expression. The Apple Safari web browser is prone to a denial-of-service vulnerability when executing certain JavaScript code. An attacker can exploit this issue to crash an affected browser. Presumably, this issue may also result in remote code execution, but this has not been confirmed. Apple Safari 2.0.4 is vulnerable to this issue; other versions may also be affected. There is a vulnerability in Apple Safari's processing of very long regular expression matching strings. Remote attackers may use this vulnerability to execute arbitrary commands on the user's machine. If a Safari user is tricked into visiting a site that contains malicious JavaScript, a vulnerability in regular expression processing could be triggered, causing the browser to crash or execute arbitrary commands.

Trust: 2.07

sources: NVD: CVE-2006-6015 // JVNDB: JVNDB-2006-001580 // BID: 21053 // VULHUB: VHN-22123 // VULMON: CVE-2006-6015

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.4

Trust: 2.4

vendor: apple, model: safari, scope: eq, version: 2.0.4

Trust: 0.3

sources: BID: 21053 // JVNDB: JVNDB-2006-001580 // CNNVD: CNNVD-200611-323 // NVD: CVE-2006-6015

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-6015
value: MEDIUM

Trust: 1.0

NVD: CVE-2006-6015
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200611-323
value: MEDIUM

Trust: 0.6

VULHUB: VHN-22123
value: MEDIUM

Trust: 0.1

VULMON: CVE-2006-6015
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-6015
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-22123
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-22123 // VULMON: CVE-2006-6015 // JVNDB: JVNDB-2006-001580 // CNNVD: CNNVD-200611-323 // NVD: CVE-2006-6015

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-6015

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200611-323

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200611-323

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001580

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-22123 // VULMON: CVE-2006-6015

PATCH

title: Top Page, url: http://www.apple.com/macosx/

Trust: 0.8

sources: JVNDB: JVNDB-2006-001580

EXTERNAL IDS

db: NVD, id: CVE-2006-6015

Trust: 2.6

db: BID, id: 21053

Trust: 2.1

db: JVNDB, id: JVNDB-2006-001580

Trust: 0.8

db: CNNVD, id: CNNVD-200611-323

Trust: 0.7

db: BUGTRAQ, id: 20061114 APPLE SAFARI "MATCH" BUFFER OVERFLOW VULNERABILITY

Trust: 0.6

db: BUGTRAQ, id: 20061114 RE: APPLE SAFARI "MATCH" BUFFER OVERFLOW VULNERABILITY

Trust: 0.6

db: EXPLOIT-DB, id: 29007

Trust: 0.2

db: SEEBUG, id: SSVID-82548

Trust: 0.1

db: VULHUB, id: VHN-22123

Trust: 0.1

db: VULMON, id: CVE-2006-6015

Trust: 0.1

sources: VULHUB: VHN-22123 // VULMON: CVE-2006-6015 // BID: 21053 // JVNDB: JVNDB-2006-001580 // CNNVD: CNNVD-200611-323 // NVD: CVE-2006-6015

REFERENCES

url:http://www.securityfocus.com/bid/21053

Trust: 1.8

url:http://www.securityfocus.com/archive/1/451542/100/0/threaded

Trust: 1.2

url:http://www.securityfocus.com/archive/1/451823/100/0/threaded

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6015

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6015

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/451823/100/0/threaded

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/451542/100/0/threaded

Trust: 0.6

url:http://www.apple.com/safari/

Trust: 0.3

url:/archive/1/451542

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.exploit-db.com/exploits/29007/

Trust: 0.1

sources: VULHUB: VHN-22123 // VULMON: CVE-2006-6015 // BID: 21053 // JVNDB: JVNDB-2006-001580 // CNNVD: CNNVD-200611-323 // NVD: CVE-2006-6015

CREDITS

jbh_cg jbh_cg@yahoo.fr

Trust: 0.6

sources: CNNVD: CNNVD-200611-323

SOURCES

db: VULHUB, id: VHN-22123
db: VULMON, id: CVE-2006-6015
db: BID, id: 21053
db: JVNDB, id: JVNDB-2006-001580
db: CNNVD, id: CNNVD-200611-323
db: NVD, id: CVE-2006-6015

LAST UPDATE DATE

2024-08-14T14:41:56.331000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-22123, date: 2018-10-17T00:00:00
db: VULMON, id: CVE-2006-6015, date: 2018-10-17T00:00:00
db: BID, id: 21053, date: 2006-11-15T23:26:00
db: JVNDB, id: JVNDB-2006-001580, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200611-323, date: 2007-01-03T00:00:00
db: NVD, id: CVE-2006-6015, date: 2018-10-17T21:46:16.623

SOURCES RELEASE DATE

db: VULHUB, id: VHN-22123, date: 2006-11-21T00:00:00
db: VULMON, id: CVE-2006-6015, date: 2006-11-21T00:00:00
db: BID, id: 21053, date: 2006-11-14T00:00:00
db: JVNDB, id: JVNDB-2006-001580, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200611-323, date: 2006-11-21T00:00:00
db: NVD, id: CVE-2006-6015, date: 2006-11-21T23:07:00