ID

VAR-200706-0384


CVE

CVE-2007-3482


TITLE

Apple Safari "same origin policy" bypass vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2007-002258

DESCRIPTION

Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. Apple Safari is prone to a vulnerability that permits an attacker to bypass the same-origin policy. A successful exploit may allow the attacker to access properties of the targeted domain or aid in spoofing content. This may allow the attacker to steal potentially sensitive information or launch other attacks. This issue affects Apple Safari 3.01; other versions may also be affected. The bypass relies on JavaScript that overrides the document variable and statically sets the document.domain property.

Trust: 1.98

sources: NVD: CVE-2007-3482 // JVNDB: JVNDB-2007-002258 // BID: 24700 // VULHUB: VHN-26844

AFFECTED PRODUCTS

vendor: apple, model: safari, scope: eq, version: *

Trust: 1.0

vendor: apple, model: safari, scope: -, version: -

Trust: 0.8

vendor: microsoft, model: windows, scope: eq, version: 3.0.1

Trust: 0.8

vendor: microsoft, model: windows nt, scope: eq, version: 3.0.1

Trust: 0.6

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.2

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 2.0.4

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 2.0.3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 2.0.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 2.0.1

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 2

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 3

Trust: 0.3

vendor: apple, model: mobile safari, scope: eq, version: 0

Trust: 0.3

sources: BID: 24700 // JVNDB: JVNDB-2007-002258 // CNNVD: CNNVD-200706-508 // NVD: CVE-2007-3482

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-3482
value: HIGH

Trust: 1.0

NVD: CVE-2007-3482
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200706-508
value: HIGH

Trust: 0.6

VULHUB: VHN-26844
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-3482
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-26844
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-26844 // JVNDB: JVNDB-2007-002258 // CNNVD: CNNVD-200706-508 // NVD: CVE-2007-3482

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-26844 // JVNDB: JVNDB-2007-002258 // NVD: CVE-2007-3482

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200706-508

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200706-508

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002258

PATCH

title: Safari, url: http://www.apple.com/safari/

Trust: 0.8

title: Top Page, url: http://windows.microsoft.com/

Trust: 0.8

sources: JVNDB: JVNDB-2007-002258

EXTERNAL IDS

db: NVD, id: CVE-2007-3482

Trust: 2.8

db: BID, id: 24700

Trust: 2.0

db: OSVDB, id: 38860

Trust: 1.7

db: JVNDB, id: JVNDB-2007-002258

Trust: 0.8

db: CNNVD, id: CNNVD-200706-508

Trust: 0.7

db: VULHUB, id: VHN-26844

Trust: 0.1

sources: VULHUB: VHN-26844 // BID: 24700 // JVNDB: JVNDB-2007-002258 // CNNVD: CNNVD-200706-508 // NVD: CVE-2007-3482

REFERENCES

url:http://www.0x000000.com/?i=371

Trust: 2.0

url:http://www.securityfocus.com/bid/24700

Trust: 1.7

url:http://osvdb.org/38860

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3482

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3482

Trust: 0.8

url:http://www.apple.com/safari/

Trust: 0.3

sources: VULHUB: VHN-26844 // BID: 24700 // JVNDB: JVNDB-2007-002258 // CNNVD: CNNVD-200706-508 // NVD: CVE-2007-3482

CREDITS

Gareth Heyes is credited with the discovery of this vulnerability.

Trust: 0.3

sources: BID: 24700

SOURCES

db: VULHUB, id: VHN-26844
db: BID, id: 24700
db: JVNDB, id: JVNDB-2007-002258
db: CNNVD, id: CNNVD-200706-508
db: NVD, id: CVE-2007-3482

LAST UPDATE DATE

2024-11-23T22:03:53.510000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-26844, date: 2008-11-15T00:00:00
db: BID, id: 24700, date: 2015-05-07T17:37:00
db: JVNDB, id: JVNDB-2007-002258, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200706-508, date: 2007-07-02T00:00:00
db: NVD, id: CVE-2007-3482, date: 2024-11-21T00:33:21.180

SOURCES RELEASE DATE

db: VULHUB, id: VHN-26844, date: 2007-06-28T00:00:00
db: BID, id: 24700, date: 2007-06-28T00:00:00
db: JVNDB, id: JVNDB-2007-002258, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200706-508, date: 2007-06-28T00:00:00
db: NVD, id: CVE-2007-3482, date: 2007-06-28T18:30:00