ID

VAR-200706-0346


CVE

CVE-2007-2398


TITLE

Apple Safari for Windows vulnerability that allows the contents of the window title and address bar to be changed

Trust: 0.8

sources: JVNDB: JVNDB-2007-001160

DESCRIPTION

Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.

Attackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing. Safari 3.0.1 (522.12.12) on Windows 2003 SE SP2 is reported vulnerable; other versions may also be affected.

Apple Safari is a web browser developed by Apple, and is the default browser included with Mac OS X and iOS operating systems. There is a vulnerability in the implementation of Safari for Windows, and remote attackers may use this vulnerability to perform malicious operations on the user's machine. If a user is tricked into visiting content on a malicious site, an attacker can forge content on a legitimate site, steal user credentials, or perform other phishing attacks.

There are vulnerabilities in Konqueror that allow an attacker to spoof the URL address bar.

The first example uses setInterval() call with relatively small interval value (e.g. 0) to change window.location property. A browser is entrapped within the attacking web site while the user thinks that browser actually left the page. http://alt.swiecki.net/konq2.html

The very similar problem affects Apple Safari (3.0.3) but due to recent changes in Safari code (vide http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2398 ) it's a lot harder to conduct a successful attack - URL address bar content changes so frequently that the attack is revealed to the user (variants of attack are currently under investigation).

The second one is based on the http URI scheme which allows embedding user/password parameters into it, i.e. http://user:password@domain.com. Such parameters can contain whitespaces, so the attack vector is quite obvious. http://alt.swiecki.net/konq3.html

Tested with Konqueror 3.5.7 on Linux 2.6. The snapshot from my desktop: http://alt.swiecki.net/konq3.png

-- Robert Swiecki

Trust: 2.07

sources: NVD: CVE-2007-2398 // JVNDB: JVNDB-2007-001160 // BID: 24484 // VULHUB: VHN-25760 // PACKETSTORM: 58353

AFFECTED PRODUCTS

vendor: apple | model: safari | scope: eq | version: 3.0.1

Trust: 1.0

vendor: apple | model: safari | scope: lt | version: version

Trust: 0.8

vendor: apple | model: safari | scope: eq | version: 3.1.1

Trust: 0.8

vendor: microsoft | model: windows 2003 server | scope: eq | version: sp2

Trust: 0.6

vendor: apple | model: safari beta for windows | scope: eq | version: 3.0.1

Trust: 0.3

vendor: apple | model: safari | scope: eq | version: 3.1

Trust: 0.3

vendor: apple | model: safari | scope: ne | version: 3.1.1

Trust: 0.3

vendor: apple | model: safari beta for windows | scope: ne | version: 3.0.2

Trust: 0.3

vendor: apple | model: safari | scope: ne | version: 2.0.4

Trust: 0.3

sources: BID: 24484 // JVNDB: JVNDB-2007-001160 // CNNVD: CNNVD-200706-350 // NVD: CVE-2007-2398

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-2398
value: HIGH

Trust: 1.0

NVD: CVE-2007-2398
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200706-350
value: HIGH

Trust: 0.6

VULHUB: VHN-25760
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-2398
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-25760
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-25760 // JVNDB: JVNDB-2007-001160 // CNNVD: CNNVD-200706-350 // NVD: CVE-2007-2398

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-2398

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200706-350

TYPE

Design Error

Trust: 0.9

sources: BID: 24484 // CNNVD: CNNVD-200706-350

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001160

PATCH

title: Safari 3.1.1 | url: http://support.apple.com/kb/HT1467

Trust: 0.8

title: Safari 3.1.1 | url: http://support.apple.com/kb/HT1467?viewlocale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2007-001160

EXTERNAL IDS

db: NVD | id: CVE-2007-2398

Trust: 2.9

db: BID | id: 24484

Trust: 2.8

db: SECTRACK | id: 1018282

Trust: 2.5

db: VUPEN | id: ADV-2007-2316

Trust: 1.7

db: VUPEN | id: ADV-2008-0979

Trust: 1.7

db: XF | id: 35050

Trust: 1.4

db: OSVDB | id: 38862

Trust: 1.1

db: JVNDB | id: JVNDB-2007-001160

Trust: 0.8

db: CNNVD | id: CNNVD-200706-350

Trust: 0.7

db: BUGTRAQ | id: 20070614 RE: [FULL-DISCLOSURE] APPLE SAFARI: URLBAR/WINDOW TITLE SPOOFING

Trust: 0.6

db: BUGTRAQ | id: 20070615 RE: [FULL-DISCLOSURE] APPLE SAFARI: URLBAR/WINDOW TITLE SPOOFING

Trust: 0.6

db: APPLE | id: APPLE-SA-2008-04-16

Trust: 0.6

db: APPLE | id: APPLE-SA-2007-06-22

Trust: 0.6

db: FULLDISC | id: 20070614 RE: APPLE SAFARI: URLBAR/WINDOW TITLE SPOOFING

Trust: 0.6

db: VULHUB | id: VHN-25760

Trust: 0.1

db: PACKETSTORM | id: 58353

Trust: 0.1

sources: VULHUB: VHN-25760 // BID: 24484 // JVNDB: JVNDB-2007-001160 // PACKETSTORM: 58353 // CNNVD: CNNVD-200706-350 // NVD: CVE-2007-2398

REFERENCES

url:http://www.securityfocus.com/bid/24484

Trust: 2.5

url:http://www.securitytracker.com/id?1018282

Trust: 2.5

url:http://support.apple.com/kb/ht1467

Trust: 2.0

url:http://lists.apple.com/archives/security-announce/2007/jun/msg00004.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2008/apr/msg00001.html

Trust: 1.7

url:http://www.securityfocus.com/archive/1/471454/100/0/threaded

Trust: 1.7

url:http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html

Trust: 1.7

url:http://www.vupen.com/english/advisories/2008/0979/references

Trust: 1.7

url:http://www.frsirt.com/english/advisories/2007/2316

Trust: 1.4

url:http://xforce.iss.net/xforce/xfdb/35050

Trust: 1.4

url:http://www.securityfocus.com/archive/1/471452/100/0/threaded

Trust: 1.1

url:http://osvdb.org/38862

Trust: 1.1

url:http://www.vupen.com/english/advisories/2007/2316

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/35050

Trust: 1.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2398

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2398

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/471452/100/0/threaded

Trust: 0.6

url:http://www.apple.com/safari/

Trust: 0.3

url:/archive/1/471452

Trust: 0.3

url:/archive/1/471454

Trust: 0.3

url:http://alt.swiecki.net/konq2.html

Trust: 0.1

url:http://alt.swiecki.net/konq3.png

Trust: 0.1

url:http://user:password@domain.com.

Trust: 0.1

url:http://alt.swiecki.net/konq3.html

Trust: 0.1

sources: VULHUB: VHN-25760 // BID: 24484 // JVNDB: JVNDB-2007-001160 // PACKETSTORM: 58353 // CNNVD: CNNVD-200706-350 // NVD: CVE-2007-2398

CREDITS

Robert Swiecki (robert@swiecki.net)

Trust: 0.6

sources: CNNVD: CNNVD-200706-350

SOURCES

db: VULHUB | id: VHN-25760
db: BID | id: 24484
db: JVNDB | id: JVNDB-2007-001160
db: PACKETSTORM | id: 58353
db: CNNVD | id: CNNVD-200706-350
db: NVD | id: CVE-2007-2398

LAST UPDATE DATE

2024-11-23T21:02:21.853000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-25760 | date: 2018-10-16T00:00:00
db: BID | id: 24484 | date: 2008-04-18T00:28:00
db: JVNDB | id: JVNDB-2007-001160 | date: 2008-05-13T00:00:00
db: CNNVD | id: CNNVD-200706-350 | date: 2009-03-18T00:00:00
db: NVD | id: CVE-2007-2398 | date: 2024-11-21T00:30:41.423

SOURCES RELEASE DATE

db: VULHUB | id: VHN-25760 | date: 2007-06-21T00:00:00
db: BID | id: 24484 | date: 2007-06-14T00:00:00
db: JVNDB | id: JVNDB-2007-001160 | date: 2008-05-13T00:00:00
db: PACKETSTORM | id: 58353 | date: 2007-08-08T07:37:42
db: CNNVD | id: CNNVD-200706-350 | date: 2007-06-21T00:00:00
db: NVD | id: CVE-2007-2398 | date: 2007-06-21T10:30:00