Sign-up

ID

VAR-200807-0013


CVE

CVE-2008-2318


TITLE

Apple Xcode Tool WebObjects Local sessions at ID Improper addition vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2008-001519

DESCRIPTION

The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs. Apple WebObjects is prone to an information-disclosure vulnerability when generating URIs for HTML documents. To exploit this issue an affected application would have to contain a URI to an arbitrary website that an attacker has control of or on which the attacker can view activity logs. Harvested session ID data can aid in attacks. Versions of WebObjects that are affected are currently unspecified, however those included in Xcode versions prior to 3.1 are affected. Xcode is the development tool used on Apple machines. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: Apple Xcode tools Vulnerability and Security Issue SECUNIA ADVISORY ID: SA31060 VERIFY ADVISORY: http://secunia.com/advisories/31060/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information, System access WHERE: >From remote SOFTWARE: Apple Xcode 2.x http://secunia.com/product/10144/ Apple Xcode 3.x http://secunia.com/product/19297/ DESCRIPTION: A vulnerability and a security issue have been reported in Xcode tools, which can be exploited by malicious people to disclose sensitive information or to compromise a user's system. 1) A boundary error in the handling of .funhouse files in CoreImage Examples can be exploited to cause a buffer overflow when a user is tricked into opening a specially crafted .funhouse file. Successful exploitation allows execution of arbitrary code. 2) An error in WebObjects exists within the handling of session IDs where the session ID is always appended to the URL generated by WOHyperlink. This may lead to the disclosure of session IDs when generating URLs to other web sites. SOLUTION: Update to version 3.1. PROVIDED AND/OR DISCOVERED BY: 1) Kevin Finisterre, Netragard 2) Reported by the vendor. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT2352 Netragard: http://www.netragard.com/pdfs/research/NETRAGARD-20080630-FUNHOUSE.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2008-2318 // JVNDB: JVNDB-2008-001519 // BID: 30191 // VULHUB: VHN-32443 // PACKETSTORM: 68151

AFFECTED PRODUCTS

vendor:applemodel:xcode toolsscope:eqversion:2.0

Trust: 1.6

vendor:applemodel:xcode toolsscope:eqversion:2.4

Trust: 1.6

vendor:applemodel:xcode toolsscope:eqversion:2.5

Trust: 1.6

vendor:applemodel:xcode toolsscope:eqversion:2.3

Trust: 1.6

vendor:applemodel:xcode toolsscope:eqversion:1.0

Trust: 1.6

vendor:applemodel:xcode toolsscope:eqversion:2.4.1

Trust: 1.6

vendor:applemodel:xcode toolsscope:eqversion:2.2.1

Trust: 1.6

vendor:applemodel:xcode toolsscope:eqversion:2.1

Trust: 1.6

vendor:applemodel:xcodescope:eqversion:1.5

Trust: 1.6

vendor:applemodel:xcodescope:eqversion:2.2

Trust: 1.3

vendor:applemodel:xcode toolsscope:lteversion:3.0

Trust: 1.0

vendor:applemodel:xcodescope:ltversion:3.1

Trust: 0.8

vendor:applemodel:xcode toolsscope:eqversion:3.0

Trust: 0.6

vendor:applemodel:xcodescope:eqversion:2.4.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:3.0

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.3

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.1

Trust: 0.3

vendor:applemodel:xcodescope:eqversion:2.0

Trust: 0.3

vendor:applemodel:webobjectsscope:eqversion:5.3.3

Trust: 0.3

vendor:applemodel:webobjectsscope:eqversion:5.3.2

Trust: 0.3

vendor:applemodel:webobjectsscope:eqversion:5.3.1

Trust: 0.3

vendor:applemodel:webobjectsscope:eqversion:5.2.4

Trust: 0.3

vendor:applemodel:webobjectsscope:eqversion:5.2.3

Trust: 0.3

vendor:applemodel:webobjectsscope:eqversion:5.2.2

Trust: 0.3

vendor:applemodel:webobjectsscope:eqversion:5.2.1

Trust: 0.3

vendor:applemodel:webobjectsscope:eqversion:5.1.4

Trust: 0.3

vendor:applemodel:webobjectsscope:eqversion:5.1.3

Trust: 0.3

vendor:applemodel:webobjectsscope:eqversion:5.1.2

Trust: 0.3

vendor:applemodel:webobjectsscope:eqversion:5.4

Trust: 0.3

vendor:applemodel:webobjectsscope:eqversion:5.3

Trust: 0.3

vendor:applemodel:webobjectsscope:eqversion:5.2

Trust: 0.3

vendor:applemodel:webobjectsscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:webobjectsscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:xcodescope:neversion:3.1

Trust: 0.3

sources: BID: 30191 // JVNDB: JVNDB-2008-001519 // CNNVD: CNNVD-200807-218 // NVD: CVE-2008-2318

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-2318
value: MEDIUM

Trust: 1.0

NVD: CVE-2008-2318
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200807-218
value: MEDIUM

Trust: 0.6

VULHUB: VHN-32443
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-2318
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-32443
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-32443 // JVNDB: JVNDB-2008-001519 // CNNVD: CNNVD-200807-218 // NVD: CVE-2008-2318

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-32443 // JVNDB: JVNDB-2008-001519 // NVD: CVE-2008-2318

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200807-218

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-200807-218

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-001519

PATCH
title:Xcode tools 3.1url:http://support.apple.com/kb/HT2352
Trust: 0.8
title:Xcode tools 3.1url:http://support.apple.com/kb/HT2352?viewlocale=ja_JP&locale=ja_JP
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-001519

EXTERNAL IDS
db:NVDid:CVE-2008-2318
Trust: 2.8
db:SECTRACKid:1020473
Trust: 2.5
db:BIDid:30191
Trust: 2.0
db:SECUNIAid:31060
Trust: 1.8
db:VUPENid:ADV-2008-2093
Trust: 1.7
db:JVNDBid:JVNDB-2008-001519
Trust: 0.8
db:APPLEid:APPLE-SA-2008-07-11
Trust: 0.6
db:XFid:43735
Trust: 0.6
db:CNNVDid:CNNVD-200807-218
Trust: 0.6
db:VULHUBid:VHN-32443
Trust: 0.1
db:PACKETSTORMid:68151
Trust: 0.1
sources:
            
            
            VULHUB: VHN-32443 // 
            
            
            
            BID: 30191 // 
            
            
            
            JVNDB: JVNDB-2008-001519 // 
            
            
            
            PACKETSTORM: 68151 // 
            
            
            
            CNNVD: CNNVD-200807-218 // 
            
            
            
            NVD: CVE-2008-2318

REFERENCES
url:http://www.securitytracker.com/id?1020473
Trust: 2.5
url:http://support.apple.com/kb/ht2352
Trust: 2.1
url:http://lists.apple.com/archives/security-announce//2008/jul/msg00002.html
Trust: 1.7
url:http://www.securityfocus.com/bid/30191
Trust: 1.7
url:http://secunia.com/advisories/31060
Trust: 1.7
url:http://www.vupen.com/english/advisories/2008/2093/references
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/43735
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2318
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-2318
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/43735
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2008/2093/references
Trust: 0.6
url:http://developer.apple.com/tools/webobjects/
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/product/19297/
Trust: 0.1
url:http://secunia.com/advisories/31060/
Trust: 0.1
url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/
Trust: 0.1
url:http://www.netragard.com/pdfs/research/netragard-20080630-funhouse.txt
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/product/10144/
Trust: 0.1
url:http://secunia.com/secunia_security_specialist/
Trust: 0.1
url:http://corporate.secunia.com/about_secunia/64/
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-32443 // 
            
            
            
            BID: 30191 // 
            
            
            
            JVNDB: JVNDB-2008-001519 // 
            
            
            
            PACKETSTORM: 68151 // 
            
            
            
            CNNVD: CNNVD-200807-218 // 
            
            
            
            NVD: CVE-2008-2318

CREDITS
Apple
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200807-218

SOURCES
db:VULHUBid:VHN-32443
db:BIDid:30191
db:JVNDBid:JVNDB-2008-001519
db:PACKETSTORMid:68151
db:CNNVDid:CNNVD-200807-218
db:NVDid:CVE-2008-2318

LAST UPDATE DATE
2024-08-14T13:17:18.693000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-32443date:2017-08-08T00:00:00
db:BIDid:30191date:2008-07-12T05:39:00
db:JVNDBid:JVNDB-2008-001519date:2008-08-01T00:00:00
db:CNNVDid:CNNVD-200807-218date:2008-11-15T00:00:00
db:NVDid:CVE-2008-2318date:2017-08-08T01:30:56.857

SOURCES RELEASE DATE
db:VULHUBid:VHN-32443date:2008-07-14T00:00:00
db:BIDid:30191date:2008-07-12T00:00:00
db:JVNDBid:JVNDB-2008-001519date:2008-08-01T00:00:00
db:PACKETSTORMid:68151date:2008-07-15T00:11:26
db:CNNVDid:CNNVD-200807-218date:2008-07-14T00:00:00
db:NVDid:CVE-2008-2318date:2008-07-14T18:41:00