Sign-up

ID

VAR-200803-0243


CVE

CVE-2008-1001


TITLE

Windows XP and Vista Under the environment Apple Safari Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2008-001187

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page. Apple Safari is prone to 12 security vulnerabilities. Attackers may exploit these issues to execute arbitrary code, steal cookie-based authentication credentials, spoof secure websites, obtain sensitive information, and crash the affected application. Other attacks are also possible. NOTE: This BID is being retired. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of another site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own record to better document the issue. Safari is the WEB browser bundled with the Apple family operating system by default. If users are tricked into opening malicious URLs, sensitive information may be leaked

Trust: 2.25

sources: NVD: CVE-2008-1001 // JVNDB: JVNDB-2008-001187 // BID: 28290 // BID: 28321 // VULHUB: VHN-31126

AFFECTED PRODUCTS

vendor:applemodel:safariscope:eqversion:3.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.4

Trust: 1.0

vendor:applemodel:safariscope:ltversion:version

Trust: 0.8

vendor:applemodel:safariscope:eqversion:3.1

Trust: 0.8

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.4

Trust: 0.6

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.3

Trust: 0.6

vendor:applemodel:safari betascope:eqversion:3.0.3

Trust: 0.6

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.2

Trust: 0.6

vendor:applemodel:safari betascope:eqversion:3.0.2

Trust: 0.6

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.1

Trust: 0.6

vendor:applemodel:safari betascope:eqversion:3.0.1

Trust: 0.6

vendor:applemodel:safariscope:eqversion:2.0.4

Trust: 0.6

vendor:applemodel:safariscope:eqversion:2.0.3

Trust: 0.6

vendor:applemodel:safariscope:eqversion:2.0.2

Trust: 0.6

vendor:applemodel:safariscope:eqversion:2.0.1

Trust: 0.6

vendor:applemodel:safariscope:eqversion:1.3.1

Trust: 0.6

vendor:applemodel:safariscope:eqversion:1.3

Trust: 0.6

vendor:applemodel:safariscope:eqversion:1.2.3

Trust: 0.6

vendor:applemodel:safariscope:eqversion:1.2.2

Trust: 0.6

vendor:applemodel:safariscope:eqversion:1.2.1

Trust: 0.6

vendor:applemodel:safariscope:eqversion:1.2

Trust: 0.6

vendor:applemodel:safariscope:eqversion:1.1

Trust: 0.6

vendor:applemodel:safariscope:eqversion:1.0

Trust: 0.6

vendor:applemodel:safari betascope:eqversion:2

Trust: 0.6

vendor:applemodel:safari beta for windowsscope:eqversion:3

Trust: 0.6

vendor:applemodel:safari betascope:eqversion:3

Trust: 0.6

vendor:applemodel:safariscope:eqversion:3

Trust: 0.6

vendor:applemodel:safariscope:neversion:3.1

Trust: 0.6

vendor:microsoftmodel:windows vistascope:eqversion: -

Trust: 0.6

vendor:microsoftmodel:windows xpscope:eqversion: -

Trust: 0.6

vendor:microsoftmodel:windows-ntscope:eqversion:xp

Trust: 0.6

vendor:microsoftmodel:windows-ntscope:eqversion:vista

Trust: 0.6

sources: BID: 28290 // BID: 28321 // JVNDB: JVNDB-2008-001187 // CNNVD: CNNVD-200803-298 // NVD: CVE-2008-1001

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-1001
value: MEDIUM

Trust: 1.0

NVD: CVE-2008-1001
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200803-298
value: MEDIUM

Trust: 0.6

VULHUB: VHN-31126
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-1001
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-31126
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-31126 // JVNDB: JVNDB-2008-001187 // CNNVD: CNNVD-200803-298 // NVD: CVE-2008-1001

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-31126 // JVNDB: JVNDB-2008-001187 // NVD: CVE-2008-1001

THREAT TYPE

network

Trust: 0.6

sources: BID: 28290 // BID: 28321

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200803-298

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-001187

PATCH
title:Safari 3.1url:http://support.apple.com/kb/HT1315
Trust: 0.8
title:Safari 3.1url:http://docs.info.apple.com/article.html?artnum=307563-ja
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-001187

EXTERNAL IDS
db:BIDid:28321
Trust: 2.8
db:BIDid:28290
Trust: 2.8
db:NVDid:CVE-2008-1001
Trust: 2.8
db:SECTRACKid:1019653
Trust: 2.5
db:USCERTid:TA08-079A
Trust: 2.5
db:VUPENid:ADV-2008-0920
Trust: 1.7
db:USCERTid:SA08-079A
Trust: 0.8
db:JVNDBid:JVNDB-2008-001187
Trust: 0.8
db:CNNVDid:CNNVD-200803-298
Trust: 0.7
db:CERT/CCid:TA08-079A
Trust: 0.6
db:APPLEid:APPLE-SA-2008-03-18
Trust: 0.6
db:XFid:41333
Trust: 0.6
db:VULHUBid:VHN-31126
Trust: 0.1
sources:
            
            
            VULHUB: VHN-31126 // 
            
            
            
            BID: 28290 // 
            
            
            
            BID: 28321 // 
            
            
            
            JVNDB: JVNDB-2008-001187 // 
            
            
            
            CNNVD: CNNVD-200803-298 // 
            
            
            
            NVD: CVE-2008-1001

REFERENCES
url:http://www.securityfocus.com/bid/28290
Trust: 2.5
url:http://www.securityfocus.com/bid/28321
Trust: 2.5
url:http://www.us-cert.gov/cas/techalerts/ta08-079a.html
Trust: 2.5
url:http://www.securitytracker.com/id?1019653
Trust: 2.5
url:http://docs.info.apple.com/article.html?artnum=307563
Trust: 2.3
url:http://lists.apple.com/archives/security-announce/2008/mar/msg00000.html
Trust: 1.7
url:http://www.frsirt.com/english/advisories/2008/0920/references
Trust: 1.4
url:http://www.vupen.com/english/advisories/2008/0920/references
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/41333
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1001
Trust: 0.8
url:http://jvn.jp/cert/jvnta08-079a/index.html
Trust: 0.8
url:http://jvn.jp/tr/trta08-079a/index.html
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1001
Trust: 0.8
url:http://www.us-cert.gov/cas/alerts/sa08-079a.html
Trust: 0.8
url:http://www.apple.com/safari/
Trust: 0.6
url:http://xforce.iss.net/xforce/xfdb/41333
Trust: 0.6
sources:
            
            
            VULHUB: VHN-31126 // 
            
            
            
            BID: 28290 // 
            
            
            
            BID: 28321 // 
            
            
            
            JVNDB: JVNDB-2008-001187 // 
            
            
            
            CNNVD: CNNVD-200803-298 // 
            
            
            
            NVD: CVE-2008-1001

CREDITS
Robert Swiecki robert@swiecki.netAdam BarthCollin Jackson collinj@cs.stanford.eduEric SeidelTavis Ormandy taviso@gentoo.orgWill Drewry wad@google.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200803-298

SOURCES
db:VULHUBid:VHN-31126
db:BIDid:28290
db:BIDid:28321
db:JVNDBid:JVNDB-2008-001187
db:CNNVDid:CNNVD-200803-298
db:NVDid:CVE-2008-1001

LAST UPDATE DATE
2024-11-23T20:52:49.756000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-31126date:2018-10-30T00:00:00
db:BIDid:28290date:2008-03-20T20:40:00
db:BIDid:28321date:2008-03-20T16:00:00
db:JVNDBid:JVNDB-2008-001187date:2008-04-04T00:00:00
db:CNNVDid:CNNVD-200803-298date:2008-10-11T00:00:00
db:NVDid:CVE-2008-1001date:2024-11-21T00:43:25.573

SOURCES RELEASE DATE
db:VULHUBid:VHN-31126date:2008-03-19T00:00:00
db:BIDid:28290date:2008-03-18T00:00:00
db:BIDid:28321date:2008-03-18T00:00:00
db:JVNDBid:JVNDB-2008-001187date:2008-04-04T00:00:00
db:CNNVDid:CNNVD-200803-298date:2008-03-18T00:00:00
db:NVDid:CVE-2008-1001date:2008-03-19T00:44:00