ID

VAR-201110-0326


CVE

CVE-2011-3243


TITLE

Apple iOS and Safari Used in WebKit Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2011-002464

DESCRIPTION

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows. WebKit is prone to a cross-domain scripting vulnerability because the application fails to properly enforce the same-origin policy. Successful exploits will allow attackers to execute arbitrary script code within the context of the affected application. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Apple iOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46377 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46377/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46377 RELEASE DATE: 2011-10-14 DISCUSS ADVISORY: http://secunia.com/advisories/46377/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46377/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46377 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people with physical access to disclose certain information and by malicious people to conduct script insertion, cross-site scripting, and spoofing attacks, disclose sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a user's device. 1) An error within the CalDAV component does not properly validate the SSL certificate when synchronizing the calendar, which can be exploited to disclose encrypted information e.g. using a Man-in-the-Middle (MitM) attack. 2) Input passed via invitation notes is not properly sanitised in Calendar before being returned to the user. 3) The CFNetwork component stores a user's AppleID password and username in the log file readable by applications, which can be exploited to disclose the credentials. 4) The CFNetwork component does not properly restrict cross-domain access of HTTP cookies, which can be exploited to access the cookies of another web site. 5) An error exists within CoreFoundation when handling string tokenization. For more information see vulnerability #1 in: SA46339 6) Multiple errors within CoreGraphics when handling the certain freetype fonts can be exploited to corrupt memory. 7) An error within CoreMedia does not properly handle cross-site redirects and can be exploited to disclose video data. 8) An error exits within the Data Access component when handling multiple accounts configured on the same server and can be exploited to disclose the cookie of another account. 9) The application accepts X.509 certificates with MD5 hashes, which could lead to weak cryptographic certificates being used. This can be exploited to disclose encrypted information e.g. using a Man-in-the-Middle (MitM) attack. 10) A design error exists within the implementation of SSL 3.0 and TLS 1.0 protocols. For more information: SA46168 11) An error within ImageIO when handling CCITT Group 4 encoded TIFF files can be exploited to cause a buffer overflow. For more information see vulnerability #1 in: SA43593 12) An error in ImageIO within the handling of CCITT Group 4 encoded TIFF image files can be exploited to cause a heap-based buffer overflow. For more information see vulnerability #9 in: SA45325 13) An error within ICU (International Components for Unicode) can be exploited to cause a buffer overflow. For more information see vulnerability #11 in: SA45054 14) An error within the kernel does not reclaim memory from incomplete TCP connections, which can be exploited to exhaust system resources by connecting to a listening service and cause the device to reset. 15) A NULL-pointer dereference error within the kernel when handling IPv6 socket options can be exploited to cause the device to reset. 16) An error within libxml can be exploited to cause a heap-based buffer overflow. For more information see vulnerability #12 in: SA45325 17) An error within OfficeImport when viewing certain Microsoft Word files can be exploited to cause a buffer overflow. 18) An error within OfficeImport when viewing certain Microsoft Excel files can be exploited to cause a buffer overflow. 19) An indexing error exists in the OfficeImport framework when processing certain records in a Microsoft Word file. For more information see vulnerability #19 in: SA45054 20) An error in the OfficeImport framework when processing records can be exploited to corrupt memory. For more information see vulnerability #28 in: SA43814 21) An error within Safari does not properly handle the "attachment" HTTP Content-Disposition header and can be exploited to conduct cross-site scripting attacks. 22) The parental restrictions feature stores the restrictions passcode in plaintext on disk and can be exploited to disclose the passcode. 23) An error within UIKit does not properly handle "tel:" URIs and can be exploited to cause the device to hang by tricking the user into visiting a malicious website. 24) Some vulnerabilities are caused due to a bundled vulnerable version of WebKit. For more information: SA43519 SA43683 SA43696 SA43859 SA45097 SA45325 SA45325 SA45498 SA45498 SA46339 SA46412 25) The WiFi credentials are stored in a file readable by other applications, which may lead to the credentials being disclosed. SOLUTION: Apply iOS 5 Software Update. PROVIDED AND/OR DISCOVERED BY: 1) Leszek Tasiemski, nSense. 6, 9) Reported by the vendor. The vendor credits: 2) Rick Deacon 3) Peter Quade, qdevelop 4) Erling Ellingsen, Facebook. 7) Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR) 8) Bob Sielken, IBM 14) Wouter van der Veer, Topicus and Josh Enders 15) Thomas Clement, Intego 17) Tobias Klein via iDefense. 18) Tobias Klein, www.trapkit.de 21) Christian Matthies via iDefense and Yoshinori Oota, Business Architects via JP/CERT. 22) An anonymous person 23) Simon Young, Anglia Ruskin University 25) Laurent OUDOT, TEHTRI Security ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4999 nSense: http://www.nsense.fi/advisories/nsense_2011_006.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.16

sources: NVD: CVE-2011-3243 // JVNDB: JVNDB-2011-002464 // BID: 50088 // VULHUB: VHN-51188 // VULMON: CVE-2011-3243 // PACKETSTORM: 105765

AFFECTED PRODUCTS

vendor:applemodel:safariscope:eqversion:1.2.5

Trust: 1.6

vendor:applemodel:safariscope:eqversion:1.3

Trust: 1.6

vendor:applemodel:safariscope:eqversion:1.2.2

Trust: 1.6

vendor:applemodel:safariscope:eqversion:1.3.1

Trust: 1.6

vendor:applemodel:safariscope:eqversion:1.2.4

Trust: 1.6

vendor:applemodel:safariscope:eqversion:1.3.0

Trust: 1.6

vendor:applemodel:safariscope:eqversion:1.2.3

Trust: 1.6

vendor:applemodel:safariscope:eqversion:1.3.2

Trust: 1.6

vendor:applemodel:safariscope:eqversion:4.0.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.1b

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.0b1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0b1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:5.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.2b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:5.0.6

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:5.0.4

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.8

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.1b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.2b

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.4

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:5.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:5.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.1b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.3b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:5.0.5

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1.3

Trust: 1.0

vendor:applemodel:safariscope:lteversion:5.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:*

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:5.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.2b

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.4b

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.0b2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:v10.6.8 and v10.7.2

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6.8 and v10.7.2

Trust: 0.8

vendor:applemodel:iosscope:eqversion:3.0 to 4.3.5 (iphone 3gs and iphone 4)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:3.1 to 4.3.5 (ipod touch (3rd generation) after )

Trust: 0.8

vendor:applemodel:iosscope:eqversion:3.2 to 4.3.5 (ipad for )

Trust: 0.8

vendor:applemodel:ipadscope: - version: -

Trust: 0.8

vendor:applemodel:iphonescope: - version: -

Trust: 0.8

vendor:applemodel:ipod touchscope: - version: -

Trust: 0.8

vendor:applemodel:safariscope:eqversion:5.1

Trust: 0.8

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.5

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.3

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.2

Trust: 0.3

vendor:webkitmodel:open source project webkit r82222scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r77705scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r52833scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r52401scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r51295scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r38566scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:2

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.x

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.2-1

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:0

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.1.3

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.3.0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iphone ipodtouchscope:eqversion:4.0.1-

Trust: 0.3

vendor:applemodel:iphone iphonescope:eqversion:4.0.1-

Trust: 0.3

vendor:applemodel:iphone ipodtouchscope:eqversion:4.0-

Trust: 0.3

vendor:applemodel:iphone iphonescope:eqversion:4.0-

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iphone ipadscope:eqversion:3.2.1-

Trust: 0.3

vendor:applemodel:iphone ipodtouchscope:eqversion:3.2-

Trust: 0.3

vendor:applemodel:iphone iphonescope:eqversion:3.2-

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iphone ipodtouchscope:eqversion:3.1.3-

Trust: 0.3

vendor:applemodel:iphone iphonescope:eqversion:3.1.3-

Trust: 0.3

vendor:applemodel:iphone ipodtouchscope:eqversion:3.1.2-

Trust: 0.3

vendor:applemodel:iphone iphonescope:eqversion:3.1.2-

Trust: 0.3

vendor:applemodel:iphone ipodtouchscope:eqversion:3.1-

Trust: 0.3

vendor:applemodel:iphone iphonescope:eqversion:3.1-

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iphone ipodtouchscope:eqversion:3.0.1-

Trust: 0.3

vendor:applemodel:iphone iphonescope:eqversion:3.0.1-

Trust: 0.3

vendor:applemodel:iphone ipodtouchscope:eqversion:3.0-

Trust: 0.3

vendor:applemodel:iphone iphonescope:eqversion:3.0-

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:ios betascope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:neversion:5

Trust: 0.3

sources: BID: 50088 // JVNDB: JVNDB-2011-002464 // CNNVD: CNNVD-201110-243 // NVD: CVE-2011-3243

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-3243
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-3243
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201110-243
value: MEDIUM

Trust: 0.6

VULHUB: VHN-51188
value: MEDIUM

Trust: 0.1

VULMON: CVE-2011-3243
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-3243
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-51188
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-51188 // VULMON: CVE-2011-3243 // JVNDB: JVNDB-2011-002464 // CNNVD: CNNVD-201110-243 // NVD: CVE-2011-3243

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-51188 // JVNDB: JVNDB-2011-002464 // NVD: CVE-2011-3243

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201110-243

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201110-243

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-002464

PATCH

title:HT4999url:http://support.apple.com/kb/HT4999

Trust: 0.8

title:HT5000url:http://support.apple.com/kb/HT5000

Trust: 0.8

title:Safari5.1.1Lionurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=40898

Trust: 0.6

title:SafariSetupurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=40900

Trust: 0.6

title:Safari5.1.1SnowLeopardurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=40899

Trust: 0.6

title:tensorflowurl:https://github.com/elmasryelec/tensorflow

Trust: 0.1

title:uxss-dburl:https://github.com/Metnew/uxss-db

Trust: 0.1

title:uxss-dburl:https://github.com/0xR0/uxss-db

Trust: 0.1

title:Exp101tsArchiv30thersurl:https://github.com/nu11secur1ty/Exp101tsArchiv30thers

Trust: 0.1

title:awesome-cve-poc_qazbnm456url:https://github.com/xbl3/awesome-cve-poc_qazbnm456

Trust: 0.1

sources: VULMON: CVE-2011-3243 // JVNDB: JVNDB-2011-002464 // CNNVD: CNNVD-201110-243

EXTERNAL IDS

db:NVDid:CVE-2011-3243

Trust: 2.9

db:BIDid:50088

Trust: 2.1

db:OSVDBid:76353

Trust: 1.2

db:JVNDBid:JVNDB-2011-002464

Trust: 0.8

db:CNNVDid:CNNVD-201110-243

Trust: 0.7

db:SECUNIAid:46377

Trust: 0.7

db:SECUNIAid:46412

Trust: 0.6

db:APPLEid:APPLE-SA-2011-10-12-4

Trust: 0.6

db:APPLEid:APPLE-SA-2011-10-12-1

Trust: 0.6

db:VULHUBid:VHN-51188

Trust: 0.1

db:VULMONid:CVE-2011-3243

Trust: 0.1

db:PACKETSTORMid:105765

Trust: 0.1

sources: VULHUB: VHN-51188 // VULMON: CVE-2011-3243 // BID: 50088 // JVNDB: JVNDB-2011-002464 // PACKETSTORM: 105765 // CNNVD: CNNVD-201110-243 // NVD: CVE-2011-3243

REFERENCES

url:http://www.securityfocus.com/bid/50088

Trust: 1.9

url:http://support.apple.com/kb/ht4999

Trust: 1.9

url:http://lists.apple.com/archives/security-announce/2011//oct/msg00001.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2011//oct/msg00004.html

Trust: 1.8

url:http://support.apple.com/kb/ht5000

Trust: 1.8

url:http://osvdb.org/76353

Trust: 1.2

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/70564

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3243

Trust: 0.8

url:http://jvn.jp/cert/jvnvu177979

Trust: 0.8

url:http://jvn.jp/cert/jvnvu585859

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3243

Trust: 0.8

url:http://secunia.com/advisories/46377

Trust: 0.6

url:http://secunia.com/advisories/46412

Trust: 0.6

url:http://software.cisco.com/download/navigator.html?mdfid=283613663

Trust: 0.3

url:http://www.webkit.org/

Trust: 0.3

url:http://lists.apple.com/archives/security-announce/2011/oct/msg00001.html

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/elmasryelec/tensorflow

Trust: 0.1

url:https://github.com/metnew/uxss-db

Trust: 0.1

url:https://www.trapkit.de

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/advisories/46377/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://www.nsense.fi/advisories/nsense_2011_006.txt

Trust: 0.1

url:http://secunia.com/products/corporate/vim/ovum_2011_request/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=46377

Trust: 0.1

url:http://secunia.com/advisories/46377/

Trust: 0.1

sources: VULHUB: VHN-51188 // VULMON: CVE-2011-3243 // BID: 50088 // JVNDB: JVNDB-2011-002464 // PACKETSTORM: 105765 // CNNVD: CNNVD-201110-243 // NVD: CVE-2011-3243

CREDITS

Sergey Glazunov

Trust: 0.9

sources: BID: 50088 // CNNVD: CNNVD-201110-243

SOURCES

db:VULHUBid:VHN-51188
db:VULMONid:CVE-2011-3243
db:BIDid:50088
db:JVNDBid:JVNDB-2011-002464
db:PACKETSTORMid:105765
db:CNNVDid:CNNVD-201110-243
db:NVDid:CVE-2011-3243

LAST UPDATE DATE

2024-08-14T12:35:57.319000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-51188date:2017-08-29T00:00:00
db:VULMONid:CVE-2011-3243date:2017-08-29T00:00:00
db:BIDid:50088date:2015-03-19T08:29:00
db:JVNDBid:JVNDB-2011-002464date:2011-10-24T00:00:00
db:CNNVDid:CNNVD-201110-243date:2011-10-17T00:00:00
db:NVDid:CVE-2011-3243date:2017-08-29T01:30:07.553

SOURCES RELEASE DATE

db:VULHUBid:VHN-51188date:2011-10-14T00:00:00
db:VULMONid:CVE-2011-3243date:2011-10-14T00:00:00
db:BIDid:50088date:2011-10-12T00:00:00
db:JVNDBid:JVNDB-2011-002464date:2011-10-24T00:00:00
db:PACKETSTORMid:105765date:2011-10-13T09:15:38
db:CNNVDid:CNNVD-201110-243date:1900-01-01T00:00:00
db:NVDid:CVE-2011-3243date:2011-10-14T10:55:09.683