ID

VAR-200908-0263


CVE

CVE-2009-2196


TITLE

Apple Safari Top Sites vulnerability allowing arbitrary web sites to be displayed

Trust: 0.8

sources: JVNDB: JVNDB-2009-002035

DESCRIPTION

Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors. An attacker may exploit this issue to promote arbitrary sites into the Top Sites view through automated actions. Successful exploits will lead to other attacks. Versions prior to Apple Safari 4.0.3 are vulnerable.

Trust: 1.98

sources: NVD: CVE-2009-2196 // JVNDB: JVNDB-2009-002035 // BID: 36022 // VULHUB: VHN-39642

AFFECTED PRODUCTS

vendor: apple, model: safari, scope: eq, version: 4.0.1

Trust: 1.3

vendor: apple, model: safari, scope: eq, version: 4.0.2

Trust: 1.3

vendor: apple, model: mac os x server, scope: eq, version: 10.5.7

Trust: 1.0

vendor: apple, model: mac os x server, scope: eq, version: 10.4.11

Trust: 1.0

vendor: microsoft, model: windows vista, scope: eq, version: *

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.5.7

Trust: 1.0

vendor: apple, model: mac os x server, scope: eq, version: 10.5.8

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 4.0

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.5.8

Trust: 1.0

vendor: microsoft, model: windows xp, scope: eq, version: *

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.4.

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: v10.4.11

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: v10.5.7

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: v10.5.8

Trust: 0.8

vendor: apple, model: mac os x server, scope: eq, version: v10.4.11

Trust: 0.8

vendor: apple, model: mac os x server, scope: eq, version: v10.5.7

Trust: 0.8

vendor: apple, model: mac os x server, scope: eq, version: v10.5.8

Trust: 0.8

vendor: apple, model: safari, scope: lt, version: 4.0.3

Trust: 0.8

vendor: microsoft, model: windows vista, scope: -, version: -

Trust: 0.6

vendor: microsoft, model: windows xp, scope: -, version: -

Trust: 0.6

vendor: apple, model: safari beta for windows, scope: eq, version: 3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.1.1

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 4.0.2

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 3.1.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.1

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 3.1.1

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.1

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 3.1

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 3.0.2

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 3.2.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.2

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.3

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 4

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.4

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 3

Trust: 0.3

vendor: apple, model: safari, scope: ne, version: 4.0.3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.2.3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 4

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3

Trust: 0.3

vendor: apple, model: safari for windows, scope: ne, version: 4.0.3

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.2

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 4

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 3.0.1

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 3.2.3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.1.2

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 3.0.3

Trust: 0.3

sources: BID: 36022 // JVNDB: JVNDB-2009-002035 // CNNVD: CNNVD-200908-141 // NVD: CVE-2009-2196

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-2196
value: MEDIUM

Trust: 1.0

NVD: CVE-2009-2196
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200908-141
value: MEDIUM

Trust: 0.6

VULHUB: VHN-39642
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2009-2196
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-39642
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-39642 // JVNDB: JVNDB-2009-002035 // CNNVD: CNNVD-200908-141 // NVD: CVE-2009-2196

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2009-2196

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200908-141

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200908-141

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-002035

PATCH

title: HT3733, url: http://support.apple.com/kb/HT3733

Trust: 0.8

title: HT3733, url: http://support.apple.com/kb/HT3733?viewlocale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2009-002035

EXTERNAL IDS

db: NVD, id: CVE-2009-2196

Trust: 2.8

db: BID, id: 36022

Trust: 2.8

db: SECTRACK, id: 1022718

Trust: 2.5

db: JVNDB, id: JVNDB-2009-002035

Trust: 0.8

db: CNNVD, id: CNNVD-200908-141

Trust: 0.7

db: APPLE, id: APPLE-SA-2009-08-11-1

Trust: 0.6

db: VULHUB, id: VHN-39642

Trust: 0.1

sources: VULHUB: VHN-39642 // BID: 36022 // JVNDB: JVNDB-2009-002035 // CNNVD: CNNVD-200908-141 // NVD: CVE-2009-2196

REFERENCES

url:http://www.securityfocus.com/bid/36022

Trust: 2.5

url:http://www.securitytracker.com/id?1022718

Trust: 2.5

url:http://lists.apple.com/archives/security-announce/2009/aug/msg00002.html

Trust: 1.7

url:http://support.apple.com/kb/ht3733

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2196

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2196

Trust: 0.8

url:http://securethoughts.com/2009/08/hijacking-safari-4-top-sites-with-phish-bombs/

Trust: 0.3

url:http://www.apple.com/safari/

Trust: 0.3

url:/archive/1/505692

Trust: 0.3

sources: VULHUB: VHN-39642 // BID: 36022 // JVNDB: JVNDB-2009-002035 // CNNVD: CNNVD-200908-141 // NVD: CVE-2009-2196

CREDITS

Inferno of SecureThoughts.com

Trust: 0.9

sources: BID: 36022 // CNNVD: CNNVD-200908-141

SOURCES

db: VULHUB, id: VHN-39642
db: BID, id: 36022
db: JVNDB, id: JVNDB-2009-002035
db: CNNVD, id: CNNVD-200908-141
db: NVD, id: CVE-2009-2196

LAST UPDATE DATE

2024-11-23T19:43:01.233000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-39642, date: 2009-08-18T00:00:00
db: BID, id: 36022, date: 2009-08-21T15:46:00
db: JVNDB, id: JVNDB-2009-002035, date: 2009-09-29T00:00:00
db: CNNVD, id: CNNVD-200908-141, date: 2009-08-13T00:00:00
db: NVD, id: CVE-2009-2196, date: 2024-11-21T01:04:21.580

SOURCES RELEASE DATE

db: VULHUB, id: VHN-39642, date: 2009-08-12T00:00:00
db: BID, id: 36022, date: 2009-08-11T00:00:00
db: JVNDB, id: JVNDB-2009-002035, date: 2009-09-29T00:00:00
db: CNNVD, id: CNNVD-200908-141, date: 2009-08-12T00:00:00
db: NVD, id: CVE-2009-2196, date: 2009-08-12T19:30:00.420