Action not permitted
Modal body text goes here.
CVE-2007-0478
Vulnerability from cvelistv5
Published
2007-01-25 00:00
Modified
2024-08-07 12:19
Severity ?
EPSS score ?
Summary
WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:19:30.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-2732",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2732"
},
{
"name": "23893",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23893"
},
{
"name": "20070123 Safari Improperly Parses HTML Documents \u0026 BlogSpot XSS vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/457763/100/0/threaded"
},
{
"name": "APPLE-SA-2007-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
},
{
"name": "32712",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/32712"
},
{
"name": "1018494",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018494"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.beanfuzz.com/wordpress/?p=99"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=306172"
},
{
"name": "25159",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25159"
},
{
"name": "safari-html-comment-xss(31846)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31846"
},
{
"name": "26235",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26235"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-2732",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2732"
},
{
"name": "23893",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23893"
},
{
"name": "20070123 Safari Improperly Parses HTML Documents \u0026 BlogSpot XSS vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/457763/100/0/threaded"
},
{
"name": "APPLE-SA-2007-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
},
{
"name": "32712",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/32712"
},
{
"name": "1018494",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018494"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.beanfuzz.com/wordpress/?p=99"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=306172"
},
{
"name": "25159",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25159"
},
{
"name": "safari-html-comment-xss(31846)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31846"
},
{
"name": "26235",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26235"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2732",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2732"
},
{
"name": "23893",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23893"
},
{
"name": "20070123 Safari Improperly Parses HTML Documents \u0026 BlogSpot XSS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/457763/100/0/threaded"
},
{
"name": "APPLE-SA-2007-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
},
{
"name": "32712",
"refsource": "OSVDB",
"url": "http://osvdb.org/32712"
},
{
"name": "1018494",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018494"
},
{
"name": "http://www.beanfuzz.com/wordpress/?p=99",
"refsource": "MISC",
"url": "http://www.beanfuzz.com/wordpress/?p=99"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=306172",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=306172"
},
{
"name": "25159",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25159"
},
{
"name": "safari-html-comment-xss(31846)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31846"
},
{
"name": "26235",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26235"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0478",
"datePublished": "2007-01-25T00:00:00",
"dateReserved": "2007-01-24T00:00:00",
"dateUpdated": "2024-08-07T12:19:30.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2007-0478\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-01-25T00:28:00.000\",\"lastModified\":\"2018-10-16T16:32:57.870\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.\"},{\"lang\":\"es\",\"value\":\"En WebCore en Apple Mac OS X versiones 10.3.9 y 10.4.10, tal como es usado en Safari, no analiza de forma apropiada los comentarios HTML en elementos TITLE, lo que permite a los atacantes remotos conducir ataques de tipo Cross-Site Scripting (XSS) y omitir algunos esquemas de protecci\u00f3n XSS insertando ciertas etiquetas HTML dentro de un comentario HTML.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC6931D5-DE7E-41F6-ADDC-AB5A8A167F69\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D089858-3AF9-4B82-912D-AA33F25E3715\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE370CAA-04B3-434E-BD5B-1D87DE596C10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:webcore:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"918442A6-677E-47A1-BD22-F0E9FF1E0048\"}]}]}],\"references\":[{\"url\":\"http://docs.info.apple.com/article.html?artnum=306172\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/32712\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/23893\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26235\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1018494\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.beanfuzz.com/wordpress/?p=99\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/457763/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/25159\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2732\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/31846\",\"source\":\"cve@mitre.org\"}]}}"
}
}
var-200701-0407
Vulnerability from variot
WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment. Konquerer is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data. Exploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks. All versions of KDE up to and including KDE 3.5.6 are vulnerable to this issue. Apple Safari web browser is also vulnerable to this issue. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors.
Download the free PSI BETA from the Secunia website: https://psi.secunia.com/
TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA26235
VERIFY ADVISORY: http://secunia.com/advisories/26235/
CRITICAL: Highly critical
IMPACT: Security Bypass, Cross Site Scripting, Spoofing, Manipulation of data, Exposure of sensitive information, Privilege escalation, DoS, System access
WHERE:
From remote
OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/
DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
1) An error within the handling of FTP URIs in CFNetwork can be exploited to run arbitrary FTP commands in context of the user's FTP client, when a user is enticed to click on a specially crafted FTP URI.
2) An input validation error can cause applications using CFNetwork to become vulnerable to HTTP response splitting attacks.
3) A design error exists in the Java interface to CoreAudio, which can be exploited to free arbitrary memory, when a user is enticed to visit a web site containing a specially crafted Java applet.
4) An unspecified error exists in the Java interface to CoreAudio, which can be exploited to read or write out of bounds of the allocated heap by enticing a user to visit a web site containing a specially crafted Java applet.
5) A unspecified error exists in the Java interface to CoreAudio, which can be exploited to instantiate or manipulate objects outside the bounds of the allocated heap, when a user is enticed to visit a web site containing a specially crafted Java applet.
Successful exploitation of vulnerabilities #3 to #5 may allow arbitrary code execution.
For more information: SA13237
7) A boundary error within the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code in iChat can be exploited on the local network to crash the application or to execute arbitrary code, by sending a specially crafted packet.
8) Some vulnerabilities in Kerberos can be exploited by malicious users and malicious people to compromise a vulnerable system.
For more information: SA25800
9) An error within the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code in mDNSResponder can be exploited on the local network to crash the application or to execute arbitrary code, by sending a specially crafted packet.
10) An integer underflow exists in PDFKit within the handling of PDF files in Preview and may be exploited to execute arbitrary code when a user opens a specially crafted PDF file.
11) Multiple vulnerabilities exist in PHP, which can be exploited to disclose potentially sensitive information, to cause a DoS (Denial of Service), to bypass certain security restrictions, to conduct cross-site scripting attacks, or to compromise a vulnerable system.
For more information: SA24814 SA24356 SA24440 SA24505 SA24542 SA25123
12) An error exists in Quartz Composer due to an uninitialized object pointer when handling Quartz Composer files and may be exploited to execute arbitrary code when a specially crafted Quartz Composer file is viewed.
13) Some vulnerabilities exist in Samba, which can be exploited by malicious people to compromise a vulnerable system.
For more information: SA25232
14) An unspecified error in Samba can be exploited to bypass file system quotas.
15) Some vulnerabilities in Squirrelmail can be exploited by malicious people to disclose and manipulate certain sensitive information or to conduct cross-site scripting, cross-site request forgery, and script insertion attacks.
For more information: SA16987 SA20406 SA21354 SA23195 SA25200
16) Some vulnerabilities in Apache Tomcat can be exploited by malicious people to conduct cross-site scripting attacks or to bypass certain security restrictions.
For more information: SA24732 SA25383 SA25721
17) An error in WebCore can be exploited to load Java applets even when Java is disabled in the preferences.
18) An error in WebCore can be exploited to conduct cross-site scripting attacks.
For more information see vulnerability #1 in: SA23893
19) An error in WebCore can be exploited by malicious people to gain knowledge of sensitive information.
For more information see vulnerability #2 in: SA23893
20) An error in WebCore when handling properties of certain global objects can be exploited to conduct cross-site scripting attacks when navigating to a new URL with Safari.
21) An error in WebKit within in the handling of International Domain Name (IDN) support and Unicode fonts embedded in Safari can be exploited to spoof a URL.
This is similar to: SA14164
22) A boundary error in the Perl Compatible Regular Expressions (PCRE) library in WebKit and used by the JavaScript engine in Safari can be exploited to cause a heap-based buffer overflow when a user visits a malicious web page.
23) Input validation errors exists in bzgrep and zgrep.
For more information: SA15047
SOLUTION: Apply Security Update 2007-007.
Security Update 2007-007 (10.4.10 Server Universal): http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html
Security Update 2007-007 (10.4.10 Universal): http://www.apple.com/support/downloads/securityupdate200700710410universal.html
Security Update 2007-007 (10.4.10 Server PPC): http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html
Security Update 2007-007 (10.4.10 PPC): http://www.apple.com/support/downloads/securityupdate200700710410ppc.html
Security Update 2007-007 (10.3.9 Server): http://www.apple.com/support/downloads/securityupdate20070071039server.html
Security Update 2007-007 (10.3.9): http://www.apple.com/support/downloads/securityupdate20070071039.html
PROVIDED AND/OR DISCOVERED BY: 2) The vendor credits Steven Kramer, sprintteam.nl. 14) The vendor credits Mike Matz, Wyomissing Area School District. 17) The vendor credits Scott Wilde. 19) Secunia Research 22) The vendor credits Charlie Miller and Jake Honoroff of Independent Security Evaluators.
ORIGINAL ADVISORY: http://docs.info.apple.com/article.html?artnum=306172
OTHER REFERENCES: SA13237: http://secunia.com/advisories/13237/
SA15047: http://secunia.com/advisories/15047/
SA16987: http://secunia.com/advisories/16987/
SA20406: http://secunia.com/advisories/20406/
SA21354: http://secunia.com/advisories/21354/
SA22588: http://secunia.com/advisories/22588/
SA23195: http://secunia.com/advisories/23195/
SA23893: http://secunia.com/advisories/23893/
SA24814: http://secunia.com/advisories/24814/
SA24356: http://secunia.com/advisories/24356/
SA24440: http://secunia.com/advisories/24440/
SA24505: http://secunia.com/advisories/24505/
SA24542: http://secunia.com/advisories/24542/
SA24732: http://secunia.com/advisories/24732/
SA25800: http://secunia.com/advisories/25800/
SA25123: http://secunia.com/advisories/25123/
SA25200: http://secunia.com/advisories/25200/
SA25232: http://secunia.com/advisories/25232/
SA25383: http://secunia.com/advisories/25383/
SA25721: http://secunia.com/advisories/25721/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
Secunia is proud to announce the availability of the Secunia Software Inspector.
Try it out online: http://secunia.com/software_inspector/
TITLE: Safari HTML Parsing Weakness
SECUNIA ADVISORY ID: SA23893
VERIFY ADVISORY: http://secunia.com/advisories/23893/
CRITICAL: Not critical
IMPACT: Cross Site Scripting
WHERE:
From remote
SOFTWARE: Safari 2.x http://secunia.com/product/5289/
DESCRIPTION: Jose Avila III has discovered a weakness in Safari, which can potentially be exploited by malicious people to conduct cross-site scripting attacks.
The weakness is caused due to an error in the parsing of comments within certain tags of an HTML document. Arbitrary HTML and script code in a comment tag is executed in a user's browser session when preceded by the corresponding closing tag (e.g. the title tag).
Successful exploitation is possible on web sites that allow users to insert unsanitised HTML and script code within a comment into such a tag.
The weakness is confirmed in Safari 2.0.4. Other versions may also be affected.
SOLUTION: Do not browse untrusted sites. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200703-10
http://security.gentoo.org/
Severity: Low Title: KHTML: Cross-site scripting (XSS) vulnerability Date: March 10, 2007 Bugs: #165606 ID: 200703-10
Synopsis
The KHTML component shipped with the KDE libraries is prone to a cross-site scripting (XSS) vulnerability.
Background
KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. KHTML is the HTML interpreter used in Konqueror and other parts of KDE.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 kde-base/kdelibs < 3.5.5-r8 >= 3.5.5-r8
Description
The KHTML code allows for the execution of JavaScript code located inside the "Title" HTML element, a related issue to the Safari error found by Jose Avila.
Impact
When viewing a HTML page that renders unsanitized attacker-supplied input in the page title, Konqueror and other parts of KDE will execute arbitrary JavaScript code contained in the page title, allowing for the theft of browser session data or cookies.
Workaround
There is no known workaround at this time.
Resolution
All KDElibs users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kdelibs-3.5.5-r8"
References
[ 1 ] CVE-2007-0537 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0537 [ 2 ] CVE-2007-0478 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0478
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200703-10.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
Updated packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0537
Updated Packages:
Mandriva Linux 2007.0: 7882590402c82ff347205c176380153e 2007.0/i586/kdelibs-common-3.5.4-19.2mdv2007.0.i586.rpm 01c4eb64ef06a8a8759843be0c07a920 2007.0/i586/kdelibs-devel-doc-3.5.4-19.2mdv2007.0.i586.rpm e63e9a2d3a07d3f2cfa20e495a5b1010 2007.0/i586/libkdecore4-3.5.4-19.2mdv2007.0.i586.rpm 1ad276143d78de84b08606a815eecda9 2007.0/i586/libkdecore4-devel-3.5.4-19.2mdv2007.0.i586.rpm 34ee09ad1644f5685f6ebb6e7e214939 2007.0/SRPMS/kdelibs-3.5.4-19.2mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64: 081d768881b4f012e75854738189327d 2007.0/x86_64/kdelibs-common-3.5.4-19.2mdv2007.0.x86_64.rpm 051e3625e87627e52c47590961523b51 2007.0/x86_64/kdelibs-devel-doc-3.5.4-19.2mdv2007.0.x86_64.rpm 6a2b0171144925bd21073553816f33b1 2007.0/x86_64/lib64kdecore4-3.5.4-19.2mdv2007.0.x86_64.rpm ae2202556fccf0bb820ed3e8401825ec 2007.0/x86_64/lib64kdecore4-devel-3.5.4-19.2mdv2007.0.x86_64.rpm 34ee09ad1644f5685f6ebb6e7e214939 2007.0/SRPMS/kdelibs-3.5.4-19.2mdv2007.0.src.rpm
Corporate 3.0: 6afd1be3e42d77e131e44f9ed969c80e corporate/3.0/i586/kdelibs-common-3.2-36.17.C30mdk.i586.rpm c00a10231de66159fecb2106e56ec1ca corporate/3.0/i586/libkdecore4-3.2-36.17.C30mdk.i586.rpm 733852a68f994ace4eb35017342443fb corporate/3.0/i586/libkdecore4-devel-3.2-36.17.C30mdk.i586.rpm 4d4c9fee93b93f2c76f5092ff5ef23f3 corporate/3.0/SRPMS/kdelibs-3.2-36.17.C30mdk.src.rpm
Corporate 3.0/X86_64: 418170a92387d41c49f3d32c91c97c9b corporate/3.0/x86_64/kdelibs-common-3.2-36.17.C30mdk.x86_64.rpm 590e047f677eb717c40a9e2fd77590e8 corporate/3.0/x86_64/lib64kdecore4-3.2-36.17.C30mdk.x86_64.rpm ec04fe80ee4a983e1ad98f54d75681af corporate/3.0/x86_64/lib64kdecore4-devel-3.2-36.17.C30mdk.x86_64.rpm 4d4c9fee93b93f2c76f5092ff5ef23f3 corporate/3.0/SRPMS/kdelibs-3.2-36.17.C30mdk.src.rpm
Corporate 4.0: 2dc94e4e225b74d3f2e283b04c836273 corporate/4.0/i586/kdelibs-arts-3.5.4-2.3.20060mlcs4.i586.rpm 826d76e2f3d50f48513ed18c4360dd67 corporate/4.0/i586/kdelibs-common-3.5.4-2.3.20060mlcs4.i586.rpm f7dad3711d9406d1123428f2c0cd9453 corporate/4.0/i586/kdelibs-devel-doc-3.5.4-2.3.20060mlcs4.i586.rpm 88f0164705a9d71f21c3c4edfe7822b2 corporate/4.0/i586/libkdecore4-3.5.4-2.3.20060mlcs4.i586.rpm e00f9222203a3c51a747a694e3ab32c7 corporate/4.0/i586/libkdecore4-devel-3.5.4-2.3.20060mlcs4.i586.rpm 79690e9ab56836b4adc7a4d59bb872db corporate/4.0/SRPMS/kdelibs-3.5.4-2.3.20060mlcs4.src.rpm
Corporate 4.0/X86_64: 88d9b2f945bd62aa89b5f7743320cc0a corporate/4.0/x86_64/kdelibs-arts-3.5.4-2.3.20060mlcs4.x86_64.rpm c1e462eaeb2127939d0d3775fb7a04a4 corporate/4.0/x86_64/kdelibs-common-3.5.4-2.3.20060mlcs4.x86_64.rpm a559376fde6f8513904010fc377293e7 corporate/4.0/x86_64/kdelibs-devel-doc-3.5.4-2.3.20060mlcs4.x86_64.rpm d97e4c4dd9859b6e43f3399e3e2c5fa1 corporate/4.0/x86_64/lib64kdecore4-3.5.4-2.3.20060mlcs4.x86_64.rpm f3e43bca041aeca542bba33a0bac1d43 corporate/4.0/x86_64/lib64kdecore4-devel-3.5.4-2.3.20060mlcs4.x86_64.rpm 79690e9ab56836b4adc7a4d59bb872db corporate/4.0/SRPMS/kdelibs-3.5.4-2.3.20060mlcs4.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFFw5r6mqjQ0CJFipgRAnJ4AJ9RqADSMDbkaQkcR9ZPi2ArjF9rtACgrhPc 7PYBsjk/ZTsogFdYFeWPWdc= =r0d9 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200701-0407",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "safari",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "*"
},
{
"model": "webcore",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "*"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.3.9 and 10.4.10"
},
{
"model": "safari",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "webcore",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.10"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.9"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.3.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.3.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.3.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.3.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.4.10"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.3.9"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "5.10"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "5.10"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "5.10"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "5.10"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0.0x64"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0"
},
{
"model": "fuji",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"model": "f...",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10"
},
{
"model": "home",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"model": "fuji",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "0"
},
{
"model": "linux enterprise server sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"model": "linux enterprise sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux professional x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10.2"
},
{
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10.2"
},
{
"model": "unitedlinux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "1.0"
},
{
"model": "suse linux standard server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.0"
},
{
"model": "suse linux school server for i386",
"scope": null,
"trust": 0.3,
"vendor": "s u s e",
"version": null
},
{
"model": "suse linux retail solution",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.0"
},
{
"model": "suse linux openexchange server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "4.0"
},
{
"model": "suse linux open-xchange",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "4.1"
},
{
"model": "suse core for",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9x86"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.2"
},
{
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "1"
},
{
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "0"
},
{
"model": "office server",
"scope": null,
"trust": 0.3,
"vendor": "s u s e",
"version": null
},
{
"model": "novell linux pos",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9"
},
{
"model": "novell linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "novell linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "1.0"
},
{
"model": "linux professional oss",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.2"
},
{
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"model": "linux personal oss",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.2"
},
{
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"model": "linux openexchange server",
"scope": null,
"trust": 0.3,
"vendor": "s u s e",
"version": null
},
{
"model": "linux office server",
"scope": null,
"trust": 0.3,
"vendor": "s u s e",
"version": null
},
{
"model": "linux enterprise server for s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "linux enterprise server for s/390",
"scope": null,
"trust": 0.3,
"vendor": "s u s e",
"version": null
},
{
"model": "linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "1.0"
},
{
"model": "linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10"
},
{
"model": "linux database server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1x86-64"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1x86"
},
{
"model": "linux ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0x86-64"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0x86"
},
{
"model": "linux ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "2007.1"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.1"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.1"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.0"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "libkhtml",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "4.2"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.5.2"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.5.1"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.3.2"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.3.1"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.3"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.2.3"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.2.2-6"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.2.1"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.1.5"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.1.4"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.1.3"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.1.2"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.1.1"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.1"
},
{
"model": "konqueror b",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.5"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.5"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.3"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.2"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.1"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.0"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "2.2.2"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "2.2.1"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "2.1.2"
},
{
"model": "konqueror",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "2.1.1"
},
{
"model": "kdelibs",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.5.4"
},
{
"model": "kdelibs",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.5.2"
},
{
"model": "kdelibs",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.4.3"
},
{
"model": "kdelibs",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.4.2"
},
{
"model": "kdelibs",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.4"
},
{
"model": "kdelibs",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.3.2"
},
{
"model": "kdelibs",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.3.1"
},
{
"model": "kdelibs",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.3"
},
{
"model": "kdelibs",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.2.2"
},
{
"model": "kdelibs",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.2.1"
},
{
"model": "kdelibs",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.2"
},
{
"model": "kdelibs",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.1.5"
},
{
"model": "kdelibs",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.1.4"
},
{
"model": "kdelibs",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.1.3"
},
{
"model": "kdelibs",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.1.2"
},
{
"model": "kdelibs",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.1.1"
},
{
"model": "kdelibs",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.1"
},
{
"model": "kdelibs",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.0"
},
{
"model": "kdelibs",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "2.1.2"
},
{
"model": "kdelibs",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "2.1.1"
},
{
"model": "kdelibs",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "2.1"
},
{
"model": "kdelibs",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "2.0.1"
},
{
"model": "kdelibs",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "2.0"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.5.6"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.5.5"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.5.4"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.5.3"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.5.2"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.5.1"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.5"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.4.3"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.4.2"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.4.1"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.4"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.3.2"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.3.1"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.3"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.2.3"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.2.2"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.2.1"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.2"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.1.5"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.1.4"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.1.3"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.1.2"
},
{
"model": "a",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.1.1"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.1.1"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.1"
},
{
"model": "b",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.5"
},
{
"model": "a",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.5"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.5"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.4"
},
{
"model": "a",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.3"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.3"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.2"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.1"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "3.0"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "2.2.2"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "2.2.1"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "2.2"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "2.1.2"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "2.1.1"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "2.1"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "2.0.1"
},
{
"model": "beta",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "2.0"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "2.0"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "1.2"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "1.1.2"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "1.1.1"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.3,
"vendor": "kde",
"version": "1.1"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "safari rss pre-release",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0"
},
{
"model": "safari beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2"
},
{
"model": "mobile safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"model": "interstage job workload server",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.1"
},
{
"model": "interstage business application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.0"
},
{
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"model": "interstage apworks modelers-j edition 6.0a",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"model": "interstage application server web-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"model": "interstage application server web-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "4.0"
},
{
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"model": "interstage application server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"model": "interstage application server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"model": "interstage application server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "4.0"
},
{
"model": "interstage application server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "3.0"
},
{
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "4.0"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "3.0"
}
],
"sources": [
{
"db": "BID",
"id": "22428"
},
{
"db": "BID",
"id": "23020"
},
{
"db": "BID",
"id": "25159"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001442"
},
{
"db": "NVD",
"id": "CVE-2007-0478"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-420"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:webcore:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0478"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200701-420"
}
],
"trust": 0.6
},
"cve": "CVE-2007-0478",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2007-0478",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-23840",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-0478",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200701-420",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-23840",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23840"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001442"
},
{
"db": "NVD",
"id": "CVE-2007-0478"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-420"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment. Konquerer is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data. \nExploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks. \nAll versions of KDE up to and including KDE 3.5.6 are vulnerable to this issue. Apple Safari web browser is also vulnerable to this issue. Apple Mac OS X is prone to multiple security vulnerabilities. \nThese issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore. \nAttackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. \nApple Mac OS X 10.4.10 and prior versions are vulnerable to these issues. \n\n----------------------------------------------------------------------\n\nBETA test the new Secunia Personal Software Inspector!\n\nThe Secunia PSI detects installed software on your computer and\ncategorises it as either Insecure, End-of-Life, or Up-To-Date. \nEffectively enabling you to focus your attention on software\ninstallations where more secure versions are available from the\nvendors. \n\nDownload the free PSI BETA from the Secunia website:\nhttps://psi.secunia.com/\n\n----------------------------------------------------------------------\n\nTITLE:\nMac OS X Security Update Fixes Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA26235\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26235/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSecurity Bypass, Cross Site Scripting, Spoofing, Manipulation of\ndata, Exposure of sensitive information, Privilege escalation, DoS,\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nApple Macintosh OS X\nhttp://secunia.com/product/96/\n\nDESCRIPTION:\nApple has issued a security update for Mac OS X, which fixes multiple\nvulnerabilities. \n\n1) An error within the handling of FTP URIs in CFNetwork can be\nexploited to run arbitrary FTP commands in context of the user\u0027s FTP\nclient, when a user is enticed to click on a specially crafted FTP\nURI. \n\n2) An input validation error can cause applications using CFNetwork\nto become vulnerable to HTTP response splitting attacks. \n\n3) A design error exists in the Java interface to CoreAudio, which\ncan be exploited to free arbitrary memory, when a user is enticed to\nvisit a web site containing a specially crafted Java applet. \n\n4) An unspecified error exists in the Java interface to CoreAudio,\nwhich can be exploited to read or write out of bounds of the\nallocated heap by enticing a user to visit a web site containing a\nspecially crafted Java applet. \n\n5) A unspecified error exists in the Java interface to CoreAudio,\nwhich can be exploited to instantiate or manipulate objects outside\nthe bounds of the allocated heap, when a user is enticed to visit a\nweb site containing a specially crafted Java applet. \n\nSuccessful exploitation of vulnerabilities #3 to #5 may allow\narbitrary code execution. \n\nFor more information:\nSA13237\n\n7) A boundary error within the UPnP IGD (Internet Gateway Device\nStandardized Device Control Protocol) code in iChat can be exploited\non the local network to crash the application or to execute arbitrary\ncode, by sending a specially crafted packet. \n\n8) Some vulnerabilities in Kerberos can be exploited by malicious\nusers and malicious people to compromise a vulnerable system. \n\nFor more information:\nSA25800\n\n9) An error within the UPnP IGD (Internet Gateway Device Standardized\nDevice Control Protocol) code in mDNSResponder can be exploited on the\nlocal network to crash the application or to execute arbitrary code,\nby sending a specially crafted packet. \n\n10) An integer underflow exists in PDFKit within the handling of PDF\nfiles in Preview and may be exploited to execute arbitrary code when\na user opens a specially crafted PDF file. \n\n11) Multiple vulnerabilities exist in PHP, which can be exploited to\ndisclose potentially sensitive information, to cause a DoS (Denial of\nService), to bypass certain security restrictions, to conduct\ncross-site scripting attacks, or to compromise a vulnerable system. \n\nFor more information:\nSA24814\nSA24356\nSA24440\nSA24505\nSA24542\nSA25123\n\n12) An error exists in Quartz Composer due to an uninitialized object\npointer when handling Quartz Composer files and may be exploited to\nexecute arbitrary code when a specially crafted Quartz Composer file\nis viewed. \n\n13) Some vulnerabilities exist in Samba, which can be exploited by\nmalicious people to compromise a vulnerable system. \n\nFor more information:\nSA25232\n\n14) An unspecified error in Samba can be exploited to bypass file\nsystem quotas. \n\n15) Some vulnerabilities in Squirrelmail can be exploited by\nmalicious people to disclose and manipulate certain sensitive\ninformation or to conduct cross-site scripting, cross-site request\nforgery, and script insertion attacks. \n\nFor more information:\nSA16987\nSA20406\nSA21354\nSA23195\nSA25200\n\n16) Some vulnerabilities in Apache Tomcat can be exploited by\nmalicious people to conduct cross-site scripting attacks or to bypass\ncertain security restrictions. \n\nFor more information:\nSA24732\nSA25383\nSA25721\n\n17) An error in WebCore can be exploited to load Java applets even\nwhen Java is disabled in the preferences. \n\n18) An error in WebCore can be exploited to conduct cross-site\nscripting attacks. \n\nFor more information see vulnerability #1 in:\nSA23893\n\n19) An error in WebCore can be exploited by malicious people to gain\nknowledge of sensitive information. \n\nFor more information see vulnerability #2 in:\nSA23893\n\n20) An error in WebCore when handling properties of certain global\nobjects can be exploited to conduct cross-site scripting attacks when\nnavigating to a new URL with Safari. \n\n21) An error in WebKit within in the handling of International Domain\nName (IDN) support and Unicode fonts embedded in Safari can be\nexploited to spoof a URL. \n\nThis is similar to:\nSA14164\n\n22) A boundary error in the Perl Compatible Regular Expressions\n(PCRE) library in WebKit and used by the JavaScript engine in Safari\ncan be exploited to cause a heap-based buffer overflow when a user\nvisits a malicious web page. \n\n23) Input validation errors exists in bzgrep and zgrep. \n\nFor more information:\nSA15047\n\nSOLUTION:\nApply Security Update 2007-007. \n\nSecurity Update 2007-007 (10.4.10 Server Universal):\nhttp://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html\n\nSecurity Update 2007-007 (10.4.10 Universal):\nhttp://www.apple.com/support/downloads/securityupdate200700710410universal.html\n\nSecurity Update 2007-007 (10.4.10 Server PPC):\nhttp://www.apple.com/support/downloads/securityupdate200700710410serverppc.html\n\nSecurity Update 2007-007 (10.4.10 PPC):\nhttp://www.apple.com/support/downloads/securityupdate200700710410ppc.html\n\nSecurity Update 2007-007 (10.3.9 Server):\nhttp://www.apple.com/support/downloads/securityupdate20070071039server.html\n\nSecurity Update 2007-007 (10.3.9):\nhttp://www.apple.com/support/downloads/securityupdate20070071039.html\n\nPROVIDED AND/OR DISCOVERED BY:\n2) The vendor credits Steven Kramer, sprintteam.nl. \n14) The vendor credits Mike Matz, Wyomissing Area School District. \n17) The vendor credits Scott Wilde. \n19) Secunia Research\n22) The vendor credits Charlie Miller and Jake Honoroff of\nIndependent Security Evaluators. \n\nORIGINAL ADVISORY:\nhttp://docs.info.apple.com/article.html?artnum=306172\n\nOTHER REFERENCES:\nSA13237:\nhttp://secunia.com/advisories/13237/\n\nSA15047:\nhttp://secunia.com/advisories/15047/\n\nSA16987:\nhttp://secunia.com/advisories/16987/\n\nSA20406:\nhttp://secunia.com/advisories/20406/\n\nSA21354:\nhttp://secunia.com/advisories/21354/\n\nSA22588:\nhttp://secunia.com/advisories/22588/\n\nSA23195:\nhttp://secunia.com/advisories/23195/\n\nSA23893:\nhttp://secunia.com/advisories/23893/\n\nSA24814:\nhttp://secunia.com/advisories/24814/\n\nSA24356:\nhttp://secunia.com/advisories/24356/\n\nSA24440:\nhttp://secunia.com/advisories/24440/\n\nSA24505:\nhttp://secunia.com/advisories/24505/\n\nSA24542:\nhttp://secunia.com/advisories/24542/\n\nSA24732:\nhttp://secunia.com/advisories/24732/\n\nSA25800:\nhttp://secunia.com/advisories/25800/\n\nSA25123:\nhttp://secunia.com/advisories/25123/\n\nSA25200:\nhttp://secunia.com/advisories/25200/\n\nSA25232:\nhttp://secunia.com/advisories/25232/\n\nSA25383:\nhttp://secunia.com/advisories/25383/\n\nSA25721:\nhttp://secunia.com/advisories/25721/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\n----------------------------------------------------------------------\n\nSecunia is proud to announce the availability of the Secunia Software\nInspector. \n\nTry it out online:\nhttp://secunia.com/software_inspector/\n\n----------------------------------------------------------------------\n\nTITLE:\nSafari HTML Parsing Weakness\n\nSECUNIA ADVISORY ID:\nSA23893\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/23893/\n\nCRITICAL:\nNot critical\n\nIMPACT:\nCross Site Scripting\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nSafari 2.x\nhttp://secunia.com/product/5289/\n\nDESCRIPTION:\nJose Avila III has discovered a weakness in Safari, which can\npotentially be exploited by malicious people to conduct cross-site\nscripting attacks. \n\nThe weakness is caused due to an error in the parsing of comments\nwithin certain tags of an HTML document. Arbitrary HTML and script\ncode in a comment tag is executed in a user\u0027s browser session when\npreceded by the corresponding closing tag (e.g. the title tag). \n\nSuccessful exploitation is possible on web sites that allow users to\ninsert unsanitised HTML and script code within a comment into such a\ntag. \n\nThe weakness is confirmed in Safari 2.0.4. Other versions may also be\naffected. \n\nSOLUTION:\nDo not browse untrusted sites. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 200703-10\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: KHTML: Cross-site scripting (XSS) vulnerability\n Date: March 10, 2007\n Bugs: #165606\n ID: 200703-10\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nThe KHTML component shipped with the KDE libraries is prone to a\ncross-site scripting (XSS) vulnerability. \n\nBackground\n==========\n\nKDE is a feature-rich graphical desktop environment for Linux and\nUnix-like Operating Systems. KHTML is the HTML interpreter used in\nKonqueror and other parts of KDE. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 kde-base/kdelibs \u003c 3.5.5-r8 \u003e= 3.5.5-r8\n\nDescription\n===========\n\nThe KHTML code allows for the execution of JavaScript code located\ninside the \"Title\" HTML element, a related issue to the Safari error\nfound by Jose Avila. \n\nImpact\n======\n\nWhen viewing a HTML page that renders unsanitized attacker-supplied\ninput in the page title, Konqueror and other parts of KDE will execute\narbitrary JavaScript code contained in the page title, allowing for the\ntheft of browser session data or cookies. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll KDElibs users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=kde-base/kdelibs-3.5.5-r8\"\n\nReferences\n==========\n\n [ 1 ] CVE-2007-0537\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0537\n [ 2 ] CVE-2007-0478\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0478\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200703-10.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2007 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\n Updated packages have been patched to correct this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0537\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2007.0:\n 7882590402c82ff347205c176380153e 2007.0/i586/kdelibs-common-3.5.4-19.2mdv2007.0.i586.rpm\n 01c4eb64ef06a8a8759843be0c07a920 2007.0/i586/kdelibs-devel-doc-3.5.4-19.2mdv2007.0.i586.rpm\n e63e9a2d3a07d3f2cfa20e495a5b1010 2007.0/i586/libkdecore4-3.5.4-19.2mdv2007.0.i586.rpm\n 1ad276143d78de84b08606a815eecda9 2007.0/i586/libkdecore4-devel-3.5.4-19.2mdv2007.0.i586.rpm \n 34ee09ad1644f5685f6ebb6e7e214939 2007.0/SRPMS/kdelibs-3.5.4-19.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 081d768881b4f012e75854738189327d 2007.0/x86_64/kdelibs-common-3.5.4-19.2mdv2007.0.x86_64.rpm\n 051e3625e87627e52c47590961523b51 2007.0/x86_64/kdelibs-devel-doc-3.5.4-19.2mdv2007.0.x86_64.rpm\n 6a2b0171144925bd21073553816f33b1 2007.0/x86_64/lib64kdecore4-3.5.4-19.2mdv2007.0.x86_64.rpm\n ae2202556fccf0bb820ed3e8401825ec 2007.0/x86_64/lib64kdecore4-devel-3.5.4-19.2mdv2007.0.x86_64.rpm \n 34ee09ad1644f5685f6ebb6e7e214939 2007.0/SRPMS/kdelibs-3.5.4-19.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 6afd1be3e42d77e131e44f9ed969c80e corporate/3.0/i586/kdelibs-common-3.2-36.17.C30mdk.i586.rpm\n c00a10231de66159fecb2106e56ec1ca corporate/3.0/i586/libkdecore4-3.2-36.17.C30mdk.i586.rpm\n 733852a68f994ace4eb35017342443fb corporate/3.0/i586/libkdecore4-devel-3.2-36.17.C30mdk.i586.rpm \n 4d4c9fee93b93f2c76f5092ff5ef23f3 corporate/3.0/SRPMS/kdelibs-3.2-36.17.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 418170a92387d41c49f3d32c91c97c9b corporate/3.0/x86_64/kdelibs-common-3.2-36.17.C30mdk.x86_64.rpm\n 590e047f677eb717c40a9e2fd77590e8 corporate/3.0/x86_64/lib64kdecore4-3.2-36.17.C30mdk.x86_64.rpm\n ec04fe80ee4a983e1ad98f54d75681af corporate/3.0/x86_64/lib64kdecore4-devel-3.2-36.17.C30mdk.x86_64.rpm \n 4d4c9fee93b93f2c76f5092ff5ef23f3 corporate/3.0/SRPMS/kdelibs-3.2-36.17.C30mdk.src.rpm\n\n Corporate 4.0:\n 2dc94e4e225b74d3f2e283b04c836273 corporate/4.0/i586/kdelibs-arts-3.5.4-2.3.20060mlcs4.i586.rpm\n 826d76e2f3d50f48513ed18c4360dd67 corporate/4.0/i586/kdelibs-common-3.5.4-2.3.20060mlcs4.i586.rpm\n f7dad3711d9406d1123428f2c0cd9453 corporate/4.0/i586/kdelibs-devel-doc-3.5.4-2.3.20060mlcs4.i586.rpm\n 88f0164705a9d71f21c3c4edfe7822b2 corporate/4.0/i586/libkdecore4-3.5.4-2.3.20060mlcs4.i586.rpm\n e00f9222203a3c51a747a694e3ab32c7 corporate/4.0/i586/libkdecore4-devel-3.5.4-2.3.20060mlcs4.i586.rpm \n 79690e9ab56836b4adc7a4d59bb872db corporate/4.0/SRPMS/kdelibs-3.5.4-2.3.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 88d9b2f945bd62aa89b5f7743320cc0a corporate/4.0/x86_64/kdelibs-arts-3.5.4-2.3.20060mlcs4.x86_64.rpm\n c1e462eaeb2127939d0d3775fb7a04a4 corporate/4.0/x86_64/kdelibs-common-3.5.4-2.3.20060mlcs4.x86_64.rpm\n a559376fde6f8513904010fc377293e7 corporate/4.0/x86_64/kdelibs-devel-doc-3.5.4-2.3.20060mlcs4.x86_64.rpm\n d97e4c4dd9859b6e43f3399e3e2c5fa1 corporate/4.0/x86_64/lib64kdecore4-3.5.4-2.3.20060mlcs4.x86_64.rpm\n f3e43bca041aeca542bba33a0bac1d43 corporate/4.0/x86_64/lib64kdecore4-devel-3.5.4-2.3.20060mlcs4.x86_64.rpm \n 79690e9ab56836b4adc7a4d59bb872db corporate/4.0/SRPMS/kdelibs-3.5.4-2.3.20060mlcs4.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.6 (GNU/Linux)\n\niD8DBQFFw5r6mqjQ0CJFipgRAnJ4AJ9RqADSMDbkaQkcR9ZPi2ArjF9rtACgrhPc\n7PYBsjk/ZTsogFdYFeWPWdc=\n=r0d9\n-----END PGP SIGNATURE-----\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0478"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001442"
},
{
"db": "BID",
"id": "22428"
},
{
"db": "BID",
"id": "23020"
},
{
"db": "BID",
"id": "25159"
},
{
"db": "VULHUB",
"id": "VHN-23840"
},
{
"db": "PACKETSTORM",
"id": "58225"
},
{
"db": "PACKETSTORM",
"id": "53974"
},
{
"db": "PACKETSTORM",
"id": "55049"
},
{
"db": "PACKETSTORM",
"id": "54183"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-0478",
"trust": 3.6
},
{
"db": "BID",
"id": "25159",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "23893",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "26235",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "32712",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-2732",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1018494",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001442",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200701-420",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20070123 SAFARI IMPROPERLY PARSES HTML DOCUMENTS \u0026 BLOGSPOT XSS VULNERABILITY",
"trust": 0.6
},
{
"db": "XF",
"id": "31846",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2007-07-31",
"trust": 0.6
},
{
"db": "MISC",
"id": "HTTP://WWW.BEANFUZZ.COM/WORDPRESS/?P=99",
"trust": 0.6
},
{
"db": "BID",
"id": "22428",
"trust": 0.3
},
{
"db": "BID",
"id": "23020",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "54183",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "55049",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-23840",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "58225",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "53974",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23840"
},
{
"db": "BID",
"id": "22428"
},
{
"db": "BID",
"id": "23020"
},
{
"db": "BID",
"id": "25159"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001442"
},
{
"db": "PACKETSTORM",
"id": "58225"
},
{
"db": "PACKETSTORM",
"id": "53974"
},
{
"db": "PACKETSTORM",
"id": "55049"
},
{
"db": "PACKETSTORM",
"id": "54183"
},
{
"db": "NVD",
"id": "CVE-2007-0478"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-420"
}
]
},
"id": "VAR-200701-0407",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-23840"
}
],
"trust": 0.25801565000000004
},
"last_update_date": "2023-12-18T11:05:26.642000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2007-07-31",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce//2007/jul/msg00004.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001442"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23840"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001442"
},
{
"db": "NVD",
"id": "CVE-2007-0478"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://docs.info.apple.com/article.html?artnum=306172"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce//2007/jul/msg00004.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/25159"
},
{
"trust": 1.7,
"url": "http://www.beanfuzz.com/wordpress/?p=99"
},
{
"trust": 1.7,
"url": "http://osvdb.org/32712"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1018494"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/23893"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26235"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/457763/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/2732"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31846"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0478"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0478"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/31846"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/457763/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/2732"
},
{
"trust": 0.3,
"url": "http://www.kde.org/"
},
{
"trust": 0.3,
"url": "http://www.konqueror.org/"
},
{
"trust": 0.3,
"url": "http://www.securityfocus.com/archive/1/archive/1/457924/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.apple.com/safari/"
},
{
"trust": 0.3,
"url": "http://www.kde.org/info/security/advisory-20070206-1.txt"
},
{
"trust": 0.3,
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200701e.html"
},
{
"trust": 0.3,
"url": "http://jvn.jp/jp/jvn%2383832818/index.html"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.3,
"url": "/archive/1/475770"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/23893/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0537"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0537"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0478"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate20070071039server.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/25721/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/24440/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/24732/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/20406/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/23195/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/15047/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/25383/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/24542/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate20070071039.html"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate200700710410universal.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/13237/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/25800/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/24814/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/25200/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate200700710410ppc.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/21354/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/24505/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/25232/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/25123/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/26235/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/16987/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/96/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/22588/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/24356/"
},
{
"trust": 0.1,
"url": "http://secunia.com/software_inspector/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5289/"
},
{
"trust": 0.1,
"url": "http://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-200703-10.xml"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23840"
},
{
"db": "BID",
"id": "22428"
},
{
"db": "BID",
"id": "23020"
},
{
"db": "BID",
"id": "25159"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001442"
},
{
"db": "PACKETSTORM",
"id": "58225"
},
{
"db": "PACKETSTORM",
"id": "53974"
},
{
"db": "PACKETSTORM",
"id": "55049"
},
{
"db": "PACKETSTORM",
"id": "54183"
},
{
"db": "NVD",
"id": "CVE-2007-0478"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-420"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-23840"
},
{
"db": "BID",
"id": "22428"
},
{
"db": "BID",
"id": "23020"
},
{
"db": "BID",
"id": "25159"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001442"
},
{
"db": "PACKETSTORM",
"id": "58225"
},
{
"db": "PACKETSTORM",
"id": "53974"
},
{
"db": "PACKETSTORM",
"id": "55049"
},
{
"db": "PACKETSTORM",
"id": "54183"
},
{
"db": "NVD",
"id": "CVE-2007-0478"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-420"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-01-25T00:00:00",
"db": "VULHUB",
"id": "VHN-23840"
},
{
"date": "2007-02-06T00:00:00",
"db": "BID",
"id": "22428"
},
{
"date": "2007-03-19T00:00:00",
"db": "BID",
"id": "23020"
},
{
"date": "2007-08-01T00:00:00",
"db": "BID",
"id": "25159"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001442"
},
{
"date": "2007-08-08T04:01:26",
"db": "PACKETSTORM",
"id": "58225"
},
{
"date": "2007-01-27T01:46:45",
"db": "PACKETSTORM",
"id": "53974"
},
{
"date": "2007-03-14T00:54:51",
"db": "PACKETSTORM",
"id": "55049"
},
{
"date": "2007-02-06T04:21:11",
"db": "PACKETSTORM",
"id": "54183"
},
{
"date": "2007-01-25T00:28:00",
"db": "NVD",
"id": "CVE-2007-0478"
},
{
"date": "2006-06-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200701-420"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-23840"
},
{
"date": "2015-03-19T09:23:00",
"db": "BID",
"id": "22428"
},
{
"date": "2007-03-19T20:14:00",
"db": "BID",
"id": "23020"
},
{
"date": "2007-08-08T00:34:00",
"db": "BID",
"id": "25159"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001442"
},
{
"date": "2018-10-16T16:32:57.870000",
"db": "NVD",
"id": "CVE-2007-0478"
},
{
"date": "2007-01-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200701-420"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "22428"
},
{
"db": "BID",
"id": "23020"
},
{
"db": "BID",
"id": "25159"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Safari Used in WebCore Vulnerable to cross-site scripting attacks",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001442"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "53974"
},
{
"db": "PACKETSTORM",
"id": "54183"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-420"
}
],
"trust": 0.8
}
}
gsd-2007-0478
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2007-0478",
"description": "WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.",
"id": "GSD-2007-0478",
"references": [
"https://www.suse.com/security/cve/CVE-2007-0478.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2007-0478"
],
"details": "WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.",
"id": "GSD-2007-0478",
"modified": "2023-12-13T01:21:35.390742Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2732",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2732"
},
{
"name": "23893",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23893"
},
{
"name": "20070123 Safari Improperly Parses HTML Documents \u0026 BlogSpot XSS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/457763/100/0/threaded"
},
{
"name": "APPLE-SA-2007-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
},
{
"name": "32712",
"refsource": "OSVDB",
"url": "http://osvdb.org/32712"
},
{
"name": "1018494",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018494"
},
{
"name": "http://www.beanfuzz.com/wordpress/?p=99",
"refsource": "MISC",
"url": "http://www.beanfuzz.com/wordpress/?p=99"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=306172",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=306172"
},
{
"name": "25159",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25159"
},
{
"name": "safari-html-comment-xss(31846)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31846"
},
{
"name": "26235",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26235"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:webcore:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0478"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.beanfuzz.com/wordpress/?p=99",
"refsource": "MISC",
"tags": [],
"url": "http://www.beanfuzz.com/wordpress/?p=99"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=306172",
"refsource": "CONFIRM",
"tags": [],
"url": "http://docs.info.apple.com/article.html?artnum=306172"
},
{
"name": "APPLE-SA-2007-07-31",
"refsource": "APPLE",
"tags": [],
"url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
},
{
"name": "25159",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/25159"
},
{
"name": "1018494",
"refsource": "SECTRACK",
"tags": [],
"url": "http://securitytracker.com/id?1018494"
},
{
"name": "23893",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23893"
},
{
"name": "26235",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26235"
},
{
"name": "32712",
"refsource": "OSVDB",
"tags": [],
"url": "http://osvdb.org/32712"
},
{
"name": "ADV-2007-2732",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2007/2732"
},
{
"name": "safari-html-comment-xss(31846)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31846"
},
{
"name": "20070123 Safari Improperly Parses HTML Documents \u0026 BlogSpot XSS vulnerability",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/457763/100/0/threaded"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2018-10-16T16:32Z",
"publishedDate": "2007-01-25T00:28Z"
}
}
}
ghsa-8vcm-pr88-gpf9
Vulnerability from github
Published
2022-05-01 17:44
Modified
2022-05-01 17:44
Details
WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.
{
"affected": [],
"aliases": [
"CVE-2007-0478"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2007-01-25T00:28:00Z",
"severity": "MODERATE"
},
"details": "WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.",
"id": "GHSA-8vcm-pr88-gpf9",
"modified": "2022-05-01T17:44:36Z",
"published": "2022-05-01T17:44:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0478"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31846"
},
{
"type": "WEB",
"url": "http://docs.info.apple.com/article.html?artnum=306172"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
},
{
"type": "WEB",
"url": "http://osvdb.org/32712"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/23893"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/26235"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1018494"
},
{
"type": "WEB",
"url": "http://www.beanfuzz.com/wordpress/?p=99"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/457763/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/25159"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2007/2732"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.