All the vulnerabilities related to Apple Inc. - Safari
jvndb-2011-000088
Vulnerability from jvndb
Published
2011-10-17 18:56
Modified
2012-08-07 12:11
Summary
Safari for iOS vulnerable to cross-site scripting
Details
Safari for iOS provided by Apple contains a cross-site scripting vulnerability.
Safari for iOS provided by Apple does not support the "attachment" value for the HTTP Content-Disposition header, resulting in a cross-site scripting vulnerability.
Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Apple Inc. | Safari |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000088.html", "dc:date": "2012-08-07T12:11+09:00", "dcterms:issued": "2011-10-17T18:56+09:00", "dcterms:modified": "2012-08-07T12:11+09:00", "description": "Safari for iOS provided by Apple contains a cross-site scripting vulnerability.\r\n\r\nSafari for iOS provided by Apple does not support the \"attachment\" value for the HTTP Content-Disposition header, resulting in a cross-site scripting vulnerability.\r\n\r\nYoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000088.html", "sec:cpe": { "#text": "cpe:/a:apple:safari", "@product": "Safari", "@vendor": "Apple Inc.", "@version": "2.2" }, "sec:cvss": { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2011-000088", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN41657660/index.html", "@id": "JVN#41657660", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3426", "@id": "CVE-2011-3426", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3426", "@id": "CVE-2011-3426", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Safari for iOS vulnerable to cross-site scripting" }
jvndb-2007-000727
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Safari allows access from HTTP to HTTPS
Details
Apple Safari contains a vulnerability that allows a remote attacker to access HTTPS content via an HTTP session.
Safari is the default web browser installed on Mac OS X and iPhone.
Safari contains a vulnerability that allows a remote attacker to access web page contents protected by SSL/TLS from an HTTP page in the same domain.
References
Impacted products
| Vendor | Product |
|---|---|
| Apple Inc. | Safari |
| Apple Inc. | iPhone |
| Apple Inc. | Apple Mac OS X |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000727.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "Apple Safari contains a vulnerability that allows a remote attacker to access HTTPS content via an HTTP session.\r\n\r\nSafari is a default web browser installed in Mac OS X and iPhone.\r\nSafari contains a vulnerability that allows a remote attacker to access web page contents protected by SSL/TLS from an HTTP page in the same domain.", "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000727.html", "sec:cpe": [ { "#text": "cpe:/a:apple:safari", "@product": "Safari", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/h:apple:iphone", "@product": "iPhone", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/o:apple:mac_os_x", "@product": "Apple Mac OS X", "@vendor": "Apple Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "4.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2007-000727", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN79013771/", "@id": "JVN#79013771", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4671", "@id": "CVE-2007-4671", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4671", "@id": "CVE-2007-4671", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/26983", "@id": "SA26983", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/25852", "@id": "25852", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/36862", "@id": "36862", "@source": "XF" }, { "#text": "http://securitytracker.com/id?1018752", "@id": "1018752", "@source": "SECTRACK" }, { "#text": "http://www.frsirt.com/english/advisories/2007/3287", "@id": "FrSIRT/ADV-2007-3287", "@source": "FRSIRT" }, { "#text": 
"https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-20", "@title": "Improper Input Validation(CWE-20)" } ], "title": "Safari allows access from HTTP to HTTPS" }
jvndb-2007-000560
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Safari URL spoofing vulnerability
Details
Apple's Safari contains a vulnerability that allows spoofing of URLs in the address bar.
Apple's Safari is a web browser installed by default with Mac OS X.
There is a problem in Safari where URLs displayed in the address bar could be spoofed to deceive Safari users.
This could be done by using Unicode characters that look similar to ASCII characters in URL strings.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN16018033/index.html |
| CVE | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3742 |
| NVD | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3742 |
| BID | http://www.securityfocus.com/bid/24636 |
| XF | http://xforce.iss.net/xforce/xfdb/35716 |
| FRSIRT | http://www.frsirt.com/english/advisories/2007/2730 |
| Resource Management Errors(CWE-399) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
| Link Following(CWE-59) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Apple Inc. | Safari |
| Apple Inc. | iPhone |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000560.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "Apple\u0027s Safari contains a vulnerability that allows spoofing of URLs in the address bar.\r\n\r\nApple\u0027s Safari is a web browser installed as default with Mac OS X.\r\n\r\nThere is a problem in Safari where URLs displayed in the address bar could be spoofed to deceive Safari users. \r\nThis could be conducted by using Unicode characters that look alike to ASCII characters as URL strings.", "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000560.html", "sec:cpe": [ { "#text": "cpe:/a:apple:safari", "@product": "Safari", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/h:apple:iphone", "@product": "iPhone", "@vendor": "Apple Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2007-000560", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN16018033/index.html", "@id": "JVN#16018033", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3742", "@id": "CVE-2007-3742", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3742", "@id": "CVE-2007-3742", "@source": "NVD" }, { "#text": "http://www.securityfocus.com/bid/24636", "@id": "24636", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/35716", "@id": "35716", "@source": "XF" }, { "#text": "http://www.frsirt.com/english/advisories/2007/2730", "@id": "FrSIRT/ADV-2007-2730", "@source": "FRSIRT" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-399", "@title": "Resource Management Errors(CWE-399)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-59", "@title": "Link Following(CWE-59)" } 
], "title": "Safari URL spoofing vulnerability" }
jvndb-2013-000050
Vulnerability from jvndb
Published
2013-05-31 15:44
Modified
2013-05-31 15:44
Summary
Safari information disclosure vulnerability
Details
Safari contains an information disclosure vulnerability caused by the improper handling of XML files.
Takayoshi Isayama from Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN07354844/index.html |
| No Mapping(CWE-Other) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Apple Inc. | Safari |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000050.html", "dc:date": "2013-05-31T15:44+09:00", "dcterms:issued": "2013-05-31T15:44+09:00", "dcterms:modified": "2013-05-31T15:44+09:00", "description": "Safari contains an information disclosure vulnerability caused the by the improper handling of XML files.\r\n\r\nTakayoshi Isayama from Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000050.html", "sec:cpe": { "#text": "cpe:/a:apple:safari", "@product": "Safari", "@vendor": "Apple Inc.", "@version": "2.2" }, "sec:cvss": { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2013-000050", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN07354844/index.html", "@id": "JVN#07354844", "@source": "JVN" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-Other", "@title": "No Mapping(CWE-Other)" } ], "title": "Safari information disclosure vulnerability" }
jvndb-2018-000029
Vulnerability from jvndb
Published
2018-03-30 13:39
Modified
2018-06-14 14:02
Summary
Safari vulnerable to script injection
Details
Safari provided by Apple Inc. contains a script injection vulnerability (CWE-81) in the processing that displays an error page when it fails to verify server certificates.
On the error page that Safari displays when it fails to verify server certificates, the domain name of the accessed website is output as is. Therefore, by exploiting this vulnerability, an arbitrary script may be executed on the user's web browser via the error page that is displayed when a user is led to visit a website with a specially crafted domain name.
Yuji Tonai of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN01161596/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4133 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2018-4133 |
| Improper Input Validation(CWE-20) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Apple Inc. | Safari |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000029.html", "dc:date": "2018-06-14T14:02+09:00", "dcterms:issued": "2018-03-30T13:39+09:00", "dcterms:modified": "2018-06-14T14:02+09:00", "description": "Safari provided by Apple Inc. contains a script injection vulnerability (CWE-81) in the processing of displaying an error page when it fails to verify server certificates.\r\nIn an error page Safari displays when it fails to verify server certificates, a domain name of the website accessed is output straightly. Therefore by exploiting this vulnerability, an arbitrary script may be executed on the user\u0027s web browser via an error page that is displayed when a user is led to visit a website with a specially crafted domain name.\r\n\r\nYuji Tonai of NTT Communications Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000029.html", "sec:cpe": { "#text": "cpe:/a:apple:safari", "@product": "Safari", "@vendor": "Apple Inc.", "@version": "2.2" }, "sec:cvss": [ { "@score": "5.8", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "@version": "2.0" }, { "@score": "5.4", "@severity": "Medium", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "@version": "3.0" } ], "sec:identifier": "JVNDB-2018-000029", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN01161596/index.html", "@id": "JVN#01161596", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4133", "@id": "CVE-2018-4133", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-4133", "@id": "CVE-2018-4133", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-20", "@title": "Improper Input Validation(CWE-20)" } ], "title": "Safari vulnerable to script injection" }
jvndb-2012-000088
Vulnerability from jvndb
Published
2012-10-23 14:57
Modified
2012-10-23 14:57
Summary
Safari vulnerable to local file content disclosure
Details
Safari contains a vulnerability where a local file may be accessed remotely, which may result in local file content disclosure.
Masahiro YAMADA reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Apple Inc. | Safari |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000088.html", "dc:date": "2012-10-23T14:57+09:00", "dcterms:issued": "2012-10-23T14:57+09:00", "dcterms:modified": "2012-10-23T14:57+09:00", "description": "Safari contains a vulnerability where a local file may be accessed from remote, which may result in a local file content disclosure.\r\n\r\nMasahiro YAMADA reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000088.html", "sec:cpe": { "#text": "cpe:/a:apple:safari", "@product": "Safari", "@vendor": "Apple Inc.", "@version": "2.2" }, "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2012-000088", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN42676559/index.html", "@id": "JVN#42676559", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3713", "@id": "CVE-2012-3713", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3713", "@id": "CVE-2012-3713", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-264", "@title": "Permissions(CWE-264)" } ], "title": "Safari vulnerable to local file content disclosure" }
jvndb-2010-001538
Vulnerability from jvndb
Published
2010-11-26 17:16
Modified
2010-12-10 17:48
Summary
Safari address bar spoofing vulnerability
Details
Safari contains a vulnerability where the URL displayed in the address bar may be spoofed.
Safari contains a vulnerability where the address bar displays a character string that looks like a different URL than the URL that is being accessed.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001538.html", "dc:date": "2010-12-10T17:48+09:00", "dcterms:issued": "2010-11-26T17:16+09:00", "dcterms:modified": "2010-12-10T17:48+09:00", "description": "Safari contains a vulnerability where the URL displayed in the address may be spoofed.\r\n\r\nSafari contains a vulnerability where the address bar displays a character string that looks like a different URL than the URL that is being accessed.", "link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001538.html", "sec:cpe": [ { "#text": "cpe:/a:apple:safari", "@product": "Safari", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/h:apple:ipad", "@product": "iPad", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/h:apple:iphone", "@product": "iPhone", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/h:apple:ipod_touch", "@product": "iPod touch", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/o:apple:iphone_os", "@product": "iOS", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/o:apple:iphone_os_for_ipod_touch", "@product": "iOS for iPod touch", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/o:apple:mac_os_x", "@product": "Apple Mac OS X", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/o:apple:mac_os_x_server", "@product": "Apple Mac OS X Server", "@vendor": "Apple Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2010-001538", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN46026251/index.html", "@id": "JVN#46026251", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1384", "@id": "CVE-2010-1384", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1384", "@id": "CVE-2010-1384", "@source": "NVD" }, { "#text": 
"http://secunia.com/advisories/40105", "@id": "SA40105", "@source": "SECUNIA" }, { "#text": "http://securitytracker.com/id?1024067", "@id": "1024067", "@source": "SECTRACK" }, { "#text": "http://www.vupen.com/english/advisories/2010/1373", "@id": "VUPEN/ADV-2010-1373", "@source": "VUPEN" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-Other", "@title": "No Mapping(CWE-Other)" } ], "title": "Safari address bar spoofing vulnerability" }
jvndb-2014-004316
Vulnerability from jvndb
Published
2014-09-25 14:54
Modified
2014-09-25 14:54
Summary
Safari issue in handling application cache
Details
Safari contains an issue in the handling of application cache where contents that were cached when the private browsing function is turned off may be used after the private browsing function is turned on.
Yosuke HASEGAWA of NetAgent Co.,Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Apple Inc. | Safari |
| Apple Inc. | iOS |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-004316.html", "dc:date": "2014-09-25T14:54+09:00", "dcterms:issued": "2014-09-25T14:54+09:00", "dcterms:modified": "2014-09-25T14:54+09:00", "description": "Safari contains an issue in the handling of application cache where contents that were cached when the private browsing function is turned off may be used after the private browsing function is turned on.\r\n\r\nYosuke HASEGAWA of NetAgent Co.,Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-004316.html", "sec:cpe": [ { "#text": "cpe:/a:apple:safari", "@product": "Safari", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/o:apple:iphone_os", "@product": "iOS", "@vendor": "Apple Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "5.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2014-004316", "sec:references": [ { "#text": "http://jvn.jp/vu/JVNVU93868849/index.html", "@id": "JVNVU#93868849", "@source": "JVN" }, { "#text": "http://jvn.jp/en/jp/JVN45442753/index.html", "@id": "JVN#45442753", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4409", "@id": "CVE-2014-4409", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4409", "@id": "CVE-2014-4409", "@source": "NVD" }, { "#text": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html", "@id": "APPLE-SA-2014-09-17-1 iOS 8", "@source": "Related Information" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-DesignError", "@title": "No Mapping(CWE-DesignError)" } ], "title": "Safari issue in handling application cache" }