ID

VAR-201704-0010


CVE

CVE-2011-3438


TITLE

Denial-of-Service (DoS) Vulnerability in WebKit as Used in Apple Safari

Trust: 0.8

sources: JVNDB: JVNDB-2011-005398

DESCRIPTION

WebKit, as used in Safari 5.0.6, allows remote attackers to cause a denial of service (process crash) or arbitrary code execution. Apple Safari is a web browser developed by Apple and is the default browser included with the Mac OS X and iOS operating systems. WebKit is an open source web browser engine jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in the WebKit component used in Apple Safari 5.0.6.

Trust: 1.71

sources: NVD: CVE-2011-3438 // JVNDB: JVNDB-2011-005398 // VULHUB: VHN-51383

AFFECTED PRODUCTS

vendor: apple, model: safari, scope: eq, version: 5.0.6

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: 5.0.6 (mac os x server v10.5.8)

Trust: 0.8

vendor: apple, model: safari, scope: eq, version: 5.0.6 (mac os x v10.5.8)

Trust: 0.8

sources: JVNDB: JVNDB-2011-005398 // CNNVD: CNNVD-201704-1345 // NVD: CVE-2011-3438

CVSS

SEVERITY

nvd@nist.gov: CVE-2011-3438
value: HIGH

Trust: 1.0

NVD: CVE-2011-3438
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201704-1345
value: MEDIUM

Trust: 0.6

VULHUB: VHN-51383
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2011-3438
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-51383
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2011-3438
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-51383 // JVNDB: JVNDB-2011-005398 // CNNVD: CNNVD-201704-1345 // NVD: CVE-2011-3438

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.9

sources: VULHUB: VHN-51383 // JVNDB: JVNDB-2011-005398 // NVD: CVE-2011-3438

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-1345

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201704-1345

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-005398

PATCH

title: Apple security updates, url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: HT4808, url: https://support.apple.com/en-us/HT4808

Trust: 0.8

title: HT4808, url: https://support.apple.com/ja-jp/HT4808

Trust: 0.8

title: Apple Safari WebKit Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69641

Trust: 0.6

sources: JVNDB: JVNDB-2011-005398 // CNNVD: CNNVD-201704-1345

EXTERNAL IDS

db: NVD, id: CVE-2011-3438

Trust: 2.5

db: JVNDB, id: JVNDB-2011-005398

Trust: 0.8

db: CNNVD, id: CNNVD-201704-1345

Trust: 0.6

db: VULHUB, id: VHN-51383

Trust: 0.1

sources: VULHUB: VHN-51383 // JVNDB: JVNDB-2011-005398 // CNNVD: CNNVD-201704-1345 // NVD: CVE-2011-3438

REFERENCES

url: http://support.apple.com/kb/ht4808

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3438

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2011-3438

Trust: 0.8

sources: VULHUB: VHN-51383 // JVNDB: JVNDB-2011-005398 // CNNVD: CNNVD-201704-1345 // NVD: CVE-2011-3438

SOURCES

db: VULHUB, id: VHN-51383
db: JVNDB, id: JVNDB-2011-005398
db: CNNVD, id: CNNVD-201704-1345
db: NVD, id: CVE-2011-3438

LAST UPDATE DATE

2024-08-14T15:13:35.052000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-51383, date: 2017-04-28T00:00:00
db: JVNDB, id: JVNDB-2011-005398, date: 2017-05-26T00:00:00
db: CNNVD, id: CNNVD-201704-1345, date: 2017-04-28T00:00:00
db: NVD, id: CVE-2011-3438, date: 2017-04-28T15:57:14.433

SOURCES RELEASE DATE

db: VULHUB, id: VHN-51383, date: 2017-04-24T00:00:00
db: JVNDB, id: JVNDB-2011-005398, date: 2017-05-26T00:00:00
db: CNNVD, id: CNNVD-201704-1345, date: 2017-04-28T00:00:00
db: NVD, id: CVE-2011-3438, date: 2017-04-24T19:59:00.223