Details of VAR-200701-0050

ID

VAR-200701-0050

CVE

CVE-2007-0342

TITLE

Apple WebKit of WebCore Denial of service in Japan (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2007-001403

DESCRIPTION

WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019. Apple WebKit is prone to a denial-of-service vulnerability. Attackers may exploit this issue by enticing victims into opening a malicious HTML document with an application using the affected framework. Successful exploits will result in denial-of-service conditions. Applications using WebKit build 18794 are vulnerable to this issue

Trust: 1.98

sources: NVD: CVE-2007-0342 // JVNDB: JVNDB-2007-001403 // BID: 22059 // VULHUB: VHN-23704

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.4.8	Trust: 2.4
vendor:	omnigroup	model:	omniweb	scope:	eq	version:	5.5.3	Trust: 1.8
vendor:	apple	model:	webkit	scope:	eq	version:	build_18794	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0.4_419.3	Trust: 1.0
vendor:	apple	model:	webkit	scope:	eq	version:	build 18794	Trust: 0.8
vendor:	omni	model:	group omniweb	scope:	eq	version:	5.5.3	Trust: 0.3
vendor:	apple	model:	webkit build	scope:	eq	version:	18794	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.8	Trust: 0.3

sources: BID: 22059 // JVNDB: JVNDB-2007-001403 // CNNVD: CNNVD-200701-284 // NVD: CVE-2007-0342

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-0342
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2007-0342
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200701-284
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-23704
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2007-0342
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-23704
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-23704 // JVNDB: JVNDB-2007-001403 // CNNVD: CNNVD-200701-284 // NVD: CVE-2007-0342

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-23704 // JVNDB: JVNDB-2007-001403 // NVD: CVE-2007-0342

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200701-284

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-200701-284

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001403

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-23704

PATCH

title:	Top Page	url:	http://www.apple.com/	Trust: 0.8
title:	OmniWeb	url:	http://www.omnigroup.com/products/omniweb/	Trust: 0.8

sources: JVNDB: JVNDB-2007-001403

EXTERNAL IDS

db:	NVD	id:	CVE-2007-0342	Trust: 2.5
db:	BID	id:	22059	Trust: 2.0
db:	JVNDB	id:	JVNDB-2007-001403	Trust: 0.8
db:	CNNVD	id:	CNNVD-200701-284	Trust: 0.7
db:	SEEBUG	id:	SSVID-82965	Trust: 0.1
db:	EXPLOIT-DB	id:	29461	Trust: 0.1
db:	VULHUB	id:	VHN-23704	Trust: 0.1

sources: VULHUB: VHN-23704 // BID: 22059 // JVNDB: JVNDB-2007-001403 // CNNVD: CNNVD-200701-284 // NVD: CVE-2007-0342

REFERENCES

url:	http://www.securityfocus.com/bid/22059	Trust: 1.7
url:	http://security-protocols.com/sp-x41-advisory.php	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0342	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0342	Trust: 0.8
url:	http://www.apple.com/safari/	Trust: 0.3
url:	http://webkit.org	Trust: 0.3
url:	http://www.apple.com	Trust: 0.3
url:	http://developer.apple.com/darwin/projects/webcore/	Trust: 0.3
url:	http://www.omnigroup.com/applications/omniweb/	Trust: 0.3

sources: VULHUB: VHN-23704 // BID: 22059 // JVNDB: JVNDB-2007-001403 // CNNVD: CNNVD-200701-284 // NVD: CVE-2007-0342

CREDITS

Tom Ferris is credited with the discovery of this issue.

Trust: 0.9

sources: BID: 22059 // CNNVD: CNNVD-200701-284

SOURCES

db:	VULHUB	id:	VHN-23704
db:	BID	id:	22059
db:	JVNDB	id:	JVNDB-2007-001403
db:	CNNVD	id:	CNNVD-200701-284
db:	NVD	id:	CVE-2007-0342

LAST UPDATE DATE

2024-11-23T22:28:23.602000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-23704	date:	2008-09-05T00:00:00
db:	BID	id:	22059	date:	2007-01-16T18:00:00
db:	JVNDB	id:	JVNDB-2007-001403	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200701-284	date:	2007-01-19T00:00:00
db:	NVD	id:	CVE-2007-0342	date:	2024-11-21T00:25:37.403

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-23704	date:	2007-01-18T00:00:00
db:	BID	id:	22059	date:	2007-01-15T00:00:00
db:	JVNDB	id:	JVNDB-2007-001403	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200701-284	date:	2007-01-17T00:00:00
db:	NVD	id:	CVE-2007-0342	date:	2007-01-18T02:28:00