Details of VAR-201003-0124

ID

VAR-201003-0124

CVE

CVE-2010-0044

TITLE

Apple Safari of PubSub In Cookie Vulnerability set

Trust: 0.8

sources: JVNDB: JVNDB-2010-001184

DESCRIPTION

PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed. Safari is prone to a configuration-bypass weakness that affects the PubSub component of Safari. A successful attack will result in the bypass of intended security settings. This may result in a false sense of security. This issue was previously documented in BID 38671 (Apple Safari Prior to 4.0.5 Multiple Security Vulnerabilities) but has been given its own record to better document it. This issue affect versions prior to Safari 4.0.5 running on Apple Mac OS X, Windows 7, XP, and Vista. NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID: 38674 Apple Safari Prior to 4.0.5 Integer Overflow Vulnerability 35451 LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability 38676 Apple Safari BMP Image Uninitialized Memory Information Disclosure Vulnerability 38677 Apple Safari TIFF Image Uninitialized Memory Information Disclosure Vulnerability 38673 Apple Safari ImageIO TIFF Image Remote Code Execution Vulnerability 38675 Apple Safari Prior to 4.0.5 Configuration Bypass Weakness 38683 Apple Safari URL Schemes Handling Remote Code Execution Vulnerability 38684 WebKit CSS 'format()' Arguments Memory Corruption Vulnerability 38687 WebKit Object Element Fallback Memory Corruption Vulnerability 38688 WebKit XML Document Parsing Memory Corruption Vulnerability 38689 WebKit Right-to-Left Displayed Text Handling Memory Corruption Vulnerability 38685 WebKit Nested HTML Tags Use-After-Free Error Remote Code Execution Vulnerability 38692 WebKit Cross-Origin Stylesheet Request Information Disclosure Vulnerability 38686 WebKit HTML Elements Callback Use-After-Free Error Remote Code Execution Vulnerability 38690 WebKit CSS Display Use-After-Free Error Remote Code Execution Vulnerability 38691 WebKit HTML Image Element Handling Memory Corruption Vulnerability. Safari is the web browser bundled by default in the Apple family machine operating system

Trust: 2.25

sources: NVD: CVE-2010-0044 // JVNDB: JVNDB-2010-001184 // BID: 38675 // BID: 38671 // VULHUB: VHN-42649

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	eq	version:	4.0.1	Trust: 2.2
vendor:	apple	model:	safari	scope:	eq	version:	4.0.2	Trust: 2.2
vendor:	apple	model:	safari	scope:	eq	version:	4.0.3	Trust: 2.2
vendor:	apple	model:	safari	scope:	eq	version:	4.0.0b	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	4.0	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	4.0.4	Trust: 1.2
vendor:	apple	model:	safari	scope:	lte	version:	4.0.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.4.11	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.5.8	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.4.11	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.5.8	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	4.0.5	Trust: 0.8
vendor:	apple	model:	safari for windows	scope:	eq	version:	4.0.4	Trust: 0.6
vendor:	apple	model:	safari	scope:	ne	version:	4.0.5	Trust: 0.6
vendor:	apple	model:	safari for windows	scope:	eq	version:	4.0.3	Trust: 0.6
vendor:	apple	model:	safari for windows	scope:	eq	version:	4	Trust: 0.6
vendor:	apple	model:	safari beta	scope:	eq	version:	4	Trust: 0.6
vendor:	apple	model:	safari	scope:	eq	version:	4	Trust: 0.6
vendor:	apple	model:	safari for windows	scope:	eq	version:	4.0.2	Trust: 0.6
vendor:	apple	model:	safari for windows	scope:	ne	version:	4.0.5	Trust: 0.6

sources: BID: 38675 // BID: 38671 // JVNDB: JVNDB-2010-001184 // CNNVD: CNNVD-201003-183 // NVD: CVE-2010-0044

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-0044
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2010-0044
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201003-183
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-42649
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2010-0044
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-42649
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-42649 // JVNDB: JVNDB-2010-001184 // CNNVD: CNNVD-201003-183 // NVD: CVE-2010-0044

PROBLEMTYPE DATA

problemtype:

CWE-16

Trust: 1.9

sources: VULHUB: VHN-42649 // JVNDB: JVNDB-2010-001184 // NVD: CVE-2010-0044

THREAT TYPE

network

Trust: 0.6

sources: BID: 38675 // BID: 38671

TYPE

configuration error

Trust: 0.6

sources: CNNVD: CNNVD-201003-183

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-001184

PATCH

title:	HT4070	url:	http://support.apple.com/kb/HT4070	Trust: 0.8
title:	HT4070	url:	http://support.apple.com/kb/HT4070?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2010-001184

EXTERNAL IDS

db:	BID	id:	38675	Trust: 2.8
db:	NVD	id:	CVE-2010-0044	Trust: 2.8
db:	BID	id:	38671	Trust: 2.0
db:	OSVDB	id:	62937	Trust: 1.1
db:	JVNDB	id:	JVNDB-2010-001184	Trust: 0.8
db:	CNNVD	id:	CNNVD-201003-183	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2010-03-11-1	Trust: 0.6
db:	NSFOCUS	id:	14628	Trust: 0.6
db:	VULHUB	id:	VHN-42649	Trust: 0.1

sources: VULHUB: VHN-42649 // BID: 38675 // BID: 38671 // JVNDB: JVNDB-2010-001184 // CNNVD: CNNVD-201003-183 // NVD: CVE-2010-0044

REFERENCES

url:	http://www.securityfocus.com/bid/38675	Trust: 2.5
url:	http://lists.apple.com/archives/security-announce/2010/mar/msg00000.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/38671	Trust: 1.7
url:	http://support.apple.com/kb/ht4070	Trust: 1.7
url:	http://osvdb.org/62937	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7051	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/56830	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0044	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0044	Trust: 0.8
url:	http://www.apple.com/safari/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/14628	Trust: 0.6

sources: VULHUB: VHN-42649 // BID: 38675 // BID: 38671 // JVNDB: JVNDB-2010-001184 // CNNVD: CNNVD-201003-183 // NVD: CVE-2010-0044

CREDITS

Matthew Jurczyk Billy Rios Robert Swiecki robert@swiecki.net wushi wooshi@gmail.com

Trust: 0.6

sources: CNNVD: CNNVD-201003-183

SOURCES

db:	VULHUB	id:	VHN-42649
db:	BID	id:	38675
db:	BID	id:	38671
db:	JVNDB	id:	JVNDB-2010-001184
db:	CNNVD	id:	CNNVD-201003-183
db:	NVD	id:	CVE-2010-0044

LAST UPDATE DATE

2024-11-23T20:53:06.123000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-42649	date:	2017-09-19T00:00:00
db:	BID	id:	38675	date:	2010-03-11T00:00:00
db:	BID	id:	38671	date:	2010-03-12T15:32:00
db:	JVNDB	id:	JVNDB-2010-001184	date:	2010-03-25T00:00:00
db:	CNNVD	id:	CNNVD-201003-183	date:	2010-03-15T00:00:00
db:	NVD	id:	CVE-2010-0044	date:	2024-11-21T01:11:24.107

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-42649	date:	2010-03-15T00:00:00
db:	BID	id:	38675	date:	2010-03-11T00:00:00
db:	BID	id:	38671	date:	2010-03-11T00:00:00
db:	JVNDB	id:	JVNDB-2010-001184	date:	2010-03-25T00:00:00
db:	CNNVD	id:	CNNVD-201003-183	date:	2010-03-15T00:00:00
db:	NVD	id:	CVE-2010-0044	date:	2010-03-15T13:28:25.467