cvelistv5 - CVE-2007-2410

CVE-2007-2410 (GCVE-0-2007-2410)

Vulnerability from cvelistv5 – Published: 2007-08-03 10:00 – Updated: 2024-08-07 13:33

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2007/2732	vdb-entryx_refsource_VUPEN
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://securitytracker.com/id?1018494	vdb-entryx_refsource_SECTRACK
	http://docs.info.apple.com/article.html?artnum=306172	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/25159	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/26235	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:33:28.736Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-2732",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2732"
          },
          {
            "name": "APPLE-SA-2007-07-31",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
          },
          {
            "name": "1018494",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018494"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=306172"
          },
          {
            "name": "25159",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25159"
          },
          {
            "name": "safari-global-objects-security-bypass(35743)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35743"
          },
          {
            "name": "26235",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26235"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of certain global objects when a new URL is visited in the same window, which allows remote attackers to conduct cross-site scripting (XSS) attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-2732",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2732"
        },
        {
          "name": "APPLE-SA-2007-07-31",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
        },
        {
          "name": "1018494",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018494"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=306172"
        },
        {
          "name": "25159",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25159"
        },
        {
          "name": "safari-global-objects-security-bypass(35743)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35743"
        },
        {
          "name": "26235",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26235"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2410",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of certain global objects when a new URL is visited in the same window, which allows remote attackers to conduct cross-site scripting (XSS) attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-2732",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2732"
            },
            {
              "name": "APPLE-SA-2007-07-31",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
            },
            {
              "name": "1018494",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018494"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=306172",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=306172"
            },
            {
              "name": "25159",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25159"
            },
            {
              "name": "safari-global-objects-security-bypass(35743)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35743"
            },
            {
              "name": "26235",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26235"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2410",
    "datePublished": "2007-08-03T10:00:00",
    "dateReserved": "2007-04-30T00:00:00",
    "dateUpdated": "2024-08-07T13:33:28.736Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC6931D5-DE7E-41F6-ADDC-AB5A8A167F69\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D089858-3AF9-4B82-912D-AA33F25E3715\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8923EE1A-DD48-4EC8-8698-A33093FD709C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"81F8DA6D-2258-4138-8FB2-90BE3C68B230\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:webcore:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"918442A6-677E-47A1-BD22-F0E9FF1E0048\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of certain global objects when a new URL is visited in the same window, which allows remote attackers to conduct cross-site scripting (XSS) attacks.\"}, {\"lang\": \"es\", \"value\": \"WebCore en Apple Mac OS X 10.3.9 y 10.4.10 retine propiedades de determinado objetos globales cuando se visita un nuevo URL en la misma ventana, lo cual permite a atacantes remotos conducir ataques de secuencias de comandos en sitios cruzados (XSS).\"}]",
      "id": "CVE-2007-2410",
      "lastModified": "2024-11-21T00:30:43.277",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2007-08-03T10:17:00.000",
      "references": "[{\"url\": \"http://docs.info.apple.com/article.html?artnum=306172\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/26235\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1018494\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/bid/25159\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2732\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/35743\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://docs.info.apple.com/article.html?artnum=306172\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/26235\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1018494\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/bid/25159\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2732\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/35743\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-2410\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-08-03T10:17:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of certain global objects when a new URL is visited in the same window, which allows remote attackers to conduct cross-site scripting (XSS) attacks.\"},{\"lang\":\"es\",\"value\":\"WebCore en Apple Mac OS X 10.3.9 y 10.4.10 retine propiedades de determinado objetos globales cuando se visita un nuevo URL en la misma ventana, lo cual permite a atacantes remotos conducir ataques de secuencias de comandos en sitios cruzados (XSS).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC6931D5-DE7E-41F6-ADDC-AB5A8A167F69\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D089858-3AF9-4B82-912D-AA33F25E3715\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8923EE1A-DD48-4EC8-8698-A33093FD709C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81F8DA6D-2258-4138-8FB2-90BE3C68B230\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:webcore:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"918442A6-677E-47A1-BD22-F0E9FF1E0048\"}]}]}],\"references\":[{\"url\":\"http://docs.info.apple.com/article.html?artnum=306172\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/26235\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1018494\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/25159\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2732\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35743\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=306172\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/26235\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1018494\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/25159\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2732\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35743\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2007-2410

Vulnerability from fkie_nvd - Published: 2007-08-03 10:17 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=306172
cve@mitre.org	http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
cve@mitre.org	http://secunia.com/advisories/26235	Patch, Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1018494	Patch
cve@mitre.org	http://www.securityfocus.com/bid/25159	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2732
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/35743
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=306172
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26235	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1018494	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25159	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2732
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/35743

Impacted products

Vendor	Product	Version
apple	mac_os_x	10.3.9
apple	mac_os_x	10.4.10
apple	mac_os_x_server	10.3.9
apple	mac_os_x_server	10.4.10
apple	webcore	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6931D5-DE7E-41F6-ADDC-AB5A8A167F69",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D089858-3AF9-4B82-912D-AA33F25E3715",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8923EE1A-DD48-4EC8-8698-A33093FD709C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "81F8DA6D-2258-4138-8FB2-90BE3C68B230",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:webcore:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "918442A6-677E-47A1-BD22-F0E9FF1E0048",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of certain global objects when a new URL is visited in the same window, which allows remote attackers to conduct cross-site scripting (XSS) attacks."
    },
    {
      "lang": "es",
      "value": "WebCore en Apple Mac OS X 10.3.9 y 10.4.10 retine propiedades de determinado objetos globales cuando se visita un nuevo URL en la misma ventana, lo cual permite a atacantes remotos conducir ataques de secuencias de comandos en sitios cruzados (XSS)."
    }
  ],
  "id": "CVE-2007-2410",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-08-03T10:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://docs.info.apple.com/article.html?artnum=306172"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26235"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1018494"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/25159"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2732"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35743"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=306172"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26235"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1018494"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/25159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2732"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35743"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2007-AVI-340

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités ont été identifiées : elles concernent le système d'exploitation Mac OS X. L'exploitation de ces dernières peut avoir des conséquences variées, comme l'exécution de code arbitraire, ou un dysfonctionnement du système vulnérable.

Description

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Mac OS X. Parmi celles-ci :

bzip2 : un nom d'archive malicieusement formé permet l'exécution de code arbitraire à distance ;
CFNetwork : un clic sur une addresse malicieusement formée permet l'exécution de commandes FTP arbitraires à distance ;
CoreAudio : une page Web malicieusement créée permet à l'aide d'une applet Java d'exécuter du code arbitraire à distance;
cscope : des vulnérabilités concernant un dépassement de mémoire et la création de fichiers temporaires dangereux ont été corrigées ;
gnuzip : un nom d'archive malicieusement formé permet l'exécution de code arbitraire à distance ;
iChat : un dépassement de mémoire permet de provoquer un déni de service à distance ou l'exécution de code arbitraire à distance au sein d'un même sous réseau ;
Kerberos : des vulnérabilités pouvant provoquer un déni de service ou l'exécution de code arbitraire à distance ont été corrigées ;
mDNSResponder : un dépassement de mémoire permet de provoquer un déni de service à distance ou l'exécution de code arbitraire à distance au sein d'un même sous réseau ;
PDFKit : l'ouverture d'un document malicieusement créé permet un déni de service de l'application ou l'exécution de code arbitraire ;
PHP : plusieurs vulnérabilités touchant PHP 4.4.4 ont été corrigées ;
Quartz Composer : l'ouverture d'un fichier Quartz malicieusement créé permet un déni de service de l'application ou l'exécution de code arbitraire ;
Samba : lorsque le partage de fichiers Windows est activé, un utilisateur non authentifié peut, à distance, provoquer un déni de service, exécuter du code ou des commandes arbitraires et contourner la politique de sécurité ;
SquirrelMail : plusieurs vulnérabilités dont au moins une permettant une attaque de type cross-site scripting ont été corrigées ;
Tomcat : plusieurs vulnérabilités dont certaines permettant des attaques de type cross-site scripting et l'atteinte à la confidentialité des données ont été corrigées ;
WebCore : des vulnérabilités permettant l'exécution d'applets Java alors que celui-ci est désactivé et permettant la réalisation d'attaques de type cross-site scripting ont été corrigées ;
WebKit : l'ouverture d'une page Web malicieusement créée permet l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple Mac OS X Server v10.3.9 ;
Apple	N/A	Apple Mac OS X Server v10.4.10.
Apple	N/A	Apple Mac OS X v10.4.10 ;
Apple	N/A	Apple Mac OS X v10.3.9 ;

References

Title

Publication Time

Tags

Avis de sécurité Apple 2007-007 306172 du 30 juillet 2007	None	vendor-advisory
Bulletin de sécurité Apple 2007-007 306172 du 30 juillet 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple Mac OS X Server v10.3.9 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac OS X Server v10.4.10.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac OS X v10.4.10 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac OS X v10.3.9 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Mac OS X. Parmi celles-ci :\n\n-   bzip2 : un nom d\u0027archive malicieusement form\u00e9 permet l\u0027ex\u00e9cution de\n    code arbitraire \u00e0 distance ;\n-   CFNetwork : un clic sur une addresse malicieusement form\u00e9e permet\n    l\u0027ex\u00e9cution de commandes FTP arbitraires \u00e0 distance ;\n-   CoreAudio : une page Web malicieusement cr\u00e9\u00e9e permet \u00e0 l\u0027aide d\u0027une\n    applet Java d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance;\n-   cscope : des vuln\u00e9rabilit\u00e9s concernant un d\u00e9passement de m\u00e9moire et\n    la cr\u00e9ation de fichiers temporaires dangereux ont \u00e9t\u00e9 corrig\u00e9es ;\n-   gnuzip : un nom d\u0027archive malicieusement form\u00e9 permet l\u0027ex\u00e9cution de\n    code arbitraire \u00e0 distance ;\n-   iChat : un d\u00e9passement de m\u00e9moire permet de provoquer un d\u00e9ni de\n    service \u00e0 distance ou l\u0027ex\u00e9cution de code arbitraire \u00e0 distance au\n    sein d\u0027un m\u00eame sous r\u00e9seau ;\n-   Kerberos : des vuln\u00e9rabilit\u00e9s pouvant provoquer un d\u00e9ni de service\n    ou l\u0027ex\u00e9cution de code arbitraire \u00e0 distance ont \u00e9t\u00e9 corrig\u00e9es ;\n-   mDNSResponder : un d\u00e9passement de m\u00e9moire permet de provoquer un\n    d\u00e9ni de service \u00e0 distance ou l\u0027ex\u00e9cution de code arbitraire \u00e0\n    distance au sein d\u0027un m\u00eame sous r\u00e9seau ;\n-   PDFKit : l\u0027ouverture d\u0027un document malicieusement cr\u00e9\u00e9 permet un\n    d\u00e9ni de service de l\u0027application ou l\u0027ex\u00e9cution de code arbitraire ;\n-   PHP : plusieurs vuln\u00e9rabilit\u00e9s touchant PHP 4.4.4 ont \u00e9t\u00e9 corrig\u00e9es\n    ;\n-   Quartz Composer : l\u0027ouverture d\u0027un fichier Quartz malicieusement\n    cr\u00e9\u00e9 permet un d\u00e9ni de service de l\u0027application ou l\u0027ex\u00e9cution de\n    code arbitraire ;\n-   Samba : lorsque le partage de fichiers Windows est activ\u00e9, un\n    utilisateur non authentifi\u00e9 peut, \u00e0 distance, provoquer un d\u00e9ni de\n    service, ex\u00e9cuter du code ou des commandes arbitraires et contourner\n    la politique de s\u00e9curit\u00e9 ;\n-   SquirrelMail : plusieurs vuln\u00e9rabilit\u00e9s dont au moins une permettant\n    une attaque de type cross-site scripting ont \u00e9t\u00e9 corrig\u00e9es ;\n-   Tomcat : plusieurs vuln\u00e9rabilit\u00e9s dont certaines permettant des\n    attaques de type cross-site scripting et l\u0027atteinte \u00e0 la\n    confidentialit\u00e9 des donn\u00e9es ont \u00e9t\u00e9 corrig\u00e9es ;\n-   WebCore : des vuln\u00e9rabilit\u00e9s permettant l\u0027ex\u00e9cution d\u0027applets Java\n    alors que celui-ci est d\u00e9sactiv\u00e9 et permettant la r\u00e9alisation\n    d\u0027attaques de type cross-site scripting ont \u00e9t\u00e9 corrig\u00e9es ;\n-   WebKit : l\u0027ouverture d\u0027une page Web malicieusement cr\u00e9\u00e9e permet\n    l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2005-0758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-0758"
    },
    {
      "name": "CVE-2007-2403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2403"
    },
    {
      "name": "CVE-2007-1583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1583"
    },
    {
      "name": "CVE-2007-2407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2407"
    },
    {
      "name": "CVE-2006-2842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2842"
    },
    {
      "name": "CVE-2007-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0450"
    },
    {
      "name": "CVE-2007-1711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1711"
    },
    {
      "name": "CVE-2007-2409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2409"
    },
    {
      "name": "CVE-2007-2405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2405"
    },
    {
      "name": "CVE-2007-3944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3944"
    },
    {
      "name": "CVE-2007-1287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1287"
    },
    {
      "name": "CVE-2007-1262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1262"
    },
    {
      "name": "CVE-2007-2408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2408"
    },
    {
      "name": "CVE-2005-3128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3128"
    },
    {
      "name": "CVE-2007-1521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1521"
    },
    {
      "name": "CVE-2007-2446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2446"
    },
    {
      "name": "CVE-2007-1358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1358"
    },
    {
      "name": "CVE-2007-1717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1717"
    },
    {
      "name": "CVE-2005-2090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-2090"
    },
    {
      "name": "CVE-2007-1001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1001"
    },
    {
      "name": "CVE-2007-0478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0478"
    },
    {
      "name": "CVE-2006-3174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3174"
    },
    {
      "name": "CVE-2007-3747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3747"
    },
    {
      "name": "CVE-2007-2406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2406"
    },
    {
      "name": "CVE-2007-3748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3748"
    },
    {
      "name": "CVE-2007-2442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2442"
    },
    {
      "name": "CVE-2007-3744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3744"
    },
    {
      "name": "CVE-2007-3745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3745"
    },
    {
      "name": "CVE-2007-1460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1460"
    },
    {
      "name": "CVE-2007-2410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2410"
    },
    {
      "name": "CVE-2004-0996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-0996"
    },
    {
      "name": "CVE-2006-6142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-6142"
    },
    {
      "name": "CVE-2007-1860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1860"
    },
    {
      "name": "CVE-2007-2798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2798"
    },
    {
      "name": "CVE-2007-1461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1461"
    },
    {
      "name": "CVE-2007-3742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3742"
    },
    {
      "name": "CVE-2004-2541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-2541"
    },
    {
      "name": "CVE-2007-2404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2404"
    },
    {
      "name": "CVE-2007-2447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2447"
    },
    {
      "name": "CVE-2007-1484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1484"
    },
    {
      "name": "CVE-2006-4019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4019"
    },
    {
      "name": "CVE-2007-2589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2589"
    },
    {
      "name": "CVE-2007-2443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2443"
    },
    {
      "name": "CVE-2007-3746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3746"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 2007-007 306172 du 30 juillet    2007 :",
      "url": "http://docs.info.apple.com/article.html?artnum=306172"
    }
  ],
  "reference": "CERTA-2007-AVI-340",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-08-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es : elles concernent le\nsyst\u00e8me d\u0027exploitation Mac OS X. L\u0027exploitation de ces derni\u00e8res peut\navoir des cons\u00e9quences vari\u00e9es, comme l\u0027ex\u00e9cution de code arbitraire, ou\nun dysfonctionnement du syst\u00e8me vuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 Apple 2007-007 306172 du 30 juillet 2007",
      "url": null
    }
  ]
}

CERTA-2007-AVI-340

Vulnerability from certfr_avis - Published: - Updated:

Description

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Mac OS X. Parmi celles-ci :

bzip2 : un nom d'archive malicieusement formé permet l'exécution de code arbitraire à distance ;
CFNetwork : un clic sur une addresse malicieusement formée permet l'exécution de commandes FTP arbitraires à distance ;
CoreAudio : une page Web malicieusement créée permet à l'aide d'une applet Java d'exécuter du code arbitraire à distance;
cscope : des vulnérabilités concernant un dépassement de mémoire et la création de fichiers temporaires dangereux ont été corrigées ;
gnuzip : un nom d'archive malicieusement formé permet l'exécution de code arbitraire à distance ;
iChat : un dépassement de mémoire permet de provoquer un déni de service à distance ou l'exécution de code arbitraire à distance au sein d'un même sous réseau ;
Kerberos : des vulnérabilités pouvant provoquer un déni de service ou l'exécution de code arbitraire à distance ont été corrigées ;
mDNSResponder : un dépassement de mémoire permet de provoquer un déni de service à distance ou l'exécution de code arbitraire à distance au sein d'un même sous réseau ;
PDFKit : l'ouverture d'un document malicieusement créé permet un déni de service de l'application ou l'exécution de code arbitraire ;
PHP : plusieurs vulnérabilités touchant PHP 4.4.4 ont été corrigées ;
Quartz Composer : l'ouverture d'un fichier Quartz malicieusement créé permet un déni de service de l'application ou l'exécution de code arbitraire ;
Samba : lorsque le partage de fichiers Windows est activé, un utilisateur non authentifié peut, à distance, provoquer un déni de service, exécuter du code ou des commandes arbitraires et contourner la politique de sécurité ;
SquirrelMail : plusieurs vulnérabilités dont au moins une permettant une attaque de type cross-site scripting ont été corrigées ;
Tomcat : plusieurs vulnérabilités dont certaines permettant des attaques de type cross-site scripting et l'atteinte à la confidentialité des données ont été corrigées ;
WebCore : des vulnérabilités permettant l'exécution d'applets Java alors que celui-ci est désactivé et permettant la réalisation d'attaques de type cross-site scripting ont été corrigées ;
WebKit : l'ouverture d'une page Web malicieusement créée permet l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple Mac OS X Server v10.3.9 ;
Apple	N/A	Apple Mac OS X Server v10.4.10.
Apple	N/A	Apple Mac OS X v10.4.10 ;
Apple	N/A	Apple Mac OS X v10.3.9 ;

References

Title

Publication Time

Tags

Avis de sécurité Apple 2007-007 306172 du 30 juillet 2007	None	vendor-advisory
Bulletin de sécurité Apple 2007-007 306172 du 30 juillet 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple Mac OS X Server v10.3.9 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac OS X Server v10.4.10.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac OS X v10.4.10 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac OS X v10.3.9 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Mac OS X. Parmi celles-ci :\n\n-   bzip2 : un nom d\u0027archive malicieusement form\u00e9 permet l\u0027ex\u00e9cution de\n    code arbitraire \u00e0 distance ;\n-   CFNetwork : un clic sur une addresse malicieusement form\u00e9e permet\n    l\u0027ex\u00e9cution de commandes FTP arbitraires \u00e0 distance ;\n-   CoreAudio : une page Web malicieusement cr\u00e9\u00e9e permet \u00e0 l\u0027aide d\u0027une\n    applet Java d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance;\n-   cscope : des vuln\u00e9rabilit\u00e9s concernant un d\u00e9passement de m\u00e9moire et\n    la cr\u00e9ation de fichiers temporaires dangereux ont \u00e9t\u00e9 corrig\u00e9es ;\n-   gnuzip : un nom d\u0027archive malicieusement form\u00e9 permet l\u0027ex\u00e9cution de\n    code arbitraire \u00e0 distance ;\n-   iChat : un d\u00e9passement de m\u00e9moire permet de provoquer un d\u00e9ni de\n    service \u00e0 distance ou l\u0027ex\u00e9cution de code arbitraire \u00e0 distance au\n    sein d\u0027un m\u00eame sous r\u00e9seau ;\n-   Kerberos : des vuln\u00e9rabilit\u00e9s pouvant provoquer un d\u00e9ni de service\n    ou l\u0027ex\u00e9cution de code arbitraire \u00e0 distance ont \u00e9t\u00e9 corrig\u00e9es ;\n-   mDNSResponder : un d\u00e9passement de m\u00e9moire permet de provoquer un\n    d\u00e9ni de service \u00e0 distance ou l\u0027ex\u00e9cution de code arbitraire \u00e0\n    distance au sein d\u0027un m\u00eame sous r\u00e9seau ;\n-   PDFKit : l\u0027ouverture d\u0027un document malicieusement cr\u00e9\u00e9 permet un\n    d\u00e9ni de service de l\u0027application ou l\u0027ex\u00e9cution de code arbitraire ;\n-   PHP : plusieurs vuln\u00e9rabilit\u00e9s touchant PHP 4.4.4 ont \u00e9t\u00e9 corrig\u00e9es\n    ;\n-   Quartz Composer : l\u0027ouverture d\u0027un fichier Quartz malicieusement\n    cr\u00e9\u00e9 permet un d\u00e9ni de service de l\u0027application ou l\u0027ex\u00e9cution de\n    code arbitraire ;\n-   Samba : lorsque le partage de fichiers Windows est activ\u00e9, un\n    utilisateur non authentifi\u00e9 peut, \u00e0 distance, provoquer un d\u00e9ni de\n    service, ex\u00e9cuter du code ou des commandes arbitraires et contourner\n    la politique de s\u00e9curit\u00e9 ;\n-   SquirrelMail : plusieurs vuln\u00e9rabilit\u00e9s dont au moins une permettant\n    une attaque de type cross-site scripting ont \u00e9t\u00e9 corrig\u00e9es ;\n-   Tomcat : plusieurs vuln\u00e9rabilit\u00e9s dont certaines permettant des\n    attaques de type cross-site scripting et l\u0027atteinte \u00e0 la\n    confidentialit\u00e9 des donn\u00e9es ont \u00e9t\u00e9 corrig\u00e9es ;\n-   WebCore : des vuln\u00e9rabilit\u00e9s permettant l\u0027ex\u00e9cution d\u0027applets Java\n    alors que celui-ci est d\u00e9sactiv\u00e9 et permettant la r\u00e9alisation\n    d\u0027attaques de type cross-site scripting ont \u00e9t\u00e9 corrig\u00e9es ;\n-   WebKit : l\u0027ouverture d\u0027une page Web malicieusement cr\u00e9\u00e9e permet\n    l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2005-0758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-0758"
    },
    {
      "name": "CVE-2007-2403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2403"
    },
    {
      "name": "CVE-2007-1583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1583"
    },
    {
      "name": "CVE-2007-2407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2407"
    },
    {
      "name": "CVE-2006-2842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2842"
    },
    {
      "name": "CVE-2007-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0450"
    },
    {
      "name": "CVE-2007-1711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1711"
    },
    {
      "name": "CVE-2007-2409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2409"
    },
    {
      "name": "CVE-2007-2405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2405"
    },
    {
      "name": "CVE-2007-3944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3944"
    },
    {
      "name": "CVE-2007-1287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1287"
    },
    {
      "name": "CVE-2007-1262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1262"
    },
    {
      "name": "CVE-2007-2408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2408"
    },
    {
      "name": "CVE-2005-3128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3128"
    },
    {
      "name": "CVE-2007-1521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1521"
    },
    {
      "name": "CVE-2007-2446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2446"
    },
    {
      "name": "CVE-2007-1358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1358"
    },
    {
      "name": "CVE-2007-1717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1717"
    },
    {
      "name": "CVE-2005-2090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-2090"
    },
    {
      "name": "CVE-2007-1001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1001"
    },
    {
      "name": "CVE-2007-0478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0478"
    },
    {
      "name": "CVE-2006-3174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3174"
    },
    {
      "name": "CVE-2007-3747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3747"
    },
    {
      "name": "CVE-2007-2406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2406"
    },
    {
      "name": "CVE-2007-3748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3748"
    },
    {
      "name": "CVE-2007-2442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2442"
    },
    {
      "name": "CVE-2007-3744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3744"
    },
    {
      "name": "CVE-2007-3745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3745"
    },
    {
      "name": "CVE-2007-1460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1460"
    },
    {
      "name": "CVE-2007-2410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2410"
    },
    {
      "name": "CVE-2004-0996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-0996"
    },
    {
      "name": "CVE-2006-6142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-6142"
    },
    {
      "name": "CVE-2007-1860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1860"
    },
    {
      "name": "CVE-2007-2798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2798"
    },
    {
      "name": "CVE-2007-1461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1461"
    },
    {
      "name": "CVE-2007-3742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3742"
    },
    {
      "name": "CVE-2004-2541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-2541"
    },
    {
      "name": "CVE-2007-2404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2404"
    },
    {
      "name": "CVE-2007-2447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2447"
    },
    {
      "name": "CVE-2007-1484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1484"
    },
    {
      "name": "CVE-2006-4019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4019"
    },
    {
      "name": "CVE-2007-2589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2589"
    },
    {
      "name": "CVE-2007-2443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2443"
    },
    {
      "name": "CVE-2007-3746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3746"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 2007-007 306172 du 30 juillet    2007 :",
      "url": "http://docs.info.apple.com/article.html?artnum=306172"
    }
  ],
  "reference": "CERTA-2007-AVI-340",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-08-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es : elles concernent le\nsyst\u00e8me d\u0027exploitation Mac OS X. L\u0027exploitation de ces derni\u00e8res peut\navoir des cons\u00e9quences vari\u00e9es, comme l\u0027ex\u00e9cution de code arbitraire, ou\nun dysfonctionnement du syst\u00e8me vuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 Apple 2007-007 306172 du 30 juillet 2007",
      "url": null
    }
  ]
}

GHSA-MXMV-PJJ2-646C

Vulnerability from github – Published: 2022-05-01 18:03 – Updated: 2022-05-01 18:03

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-2410"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-08-03T10:17:00Z",
    "severity": "MODERATE"
  },
  "details": "WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of certain global objects when a new URL is visited in the same window, which allows remote attackers to conduct cross-site scripting (XSS) attacks.",
  "id": "GHSA-mxmv-pjj2-646c",
  "modified": "2022-05-01T18:03:28Z",
  "published": "2022-05-01T18:03:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2410"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35743"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=306172"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26235"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1018494"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/25159"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2732"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-200708-0468

Vulnerability from variot - Updated: 2023-12-18 10:47

WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of certain global objects when a new URL is visited in the same window, which allows remote attackers to conduct cross-site scripting (XSS) attacks. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.

BETA test the new Secunia Personal Software Inspector!

The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors.

Download the free PSI BETA from the Secunia website: https://psi.secunia.com/

TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA26235

VERIFY ADVISORY: http://secunia.com/advisories/26235/

CRITICAL: Highly critical

IMPACT: Security Bypass, Cross Site Scripting, Spoofing, Manipulation of data, Exposure of sensitive information, Privilege escalation, DoS, System access

WHERE:

From remote

OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/

DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

1) An error within the handling of FTP URIs in CFNetwork can be exploited to run arbitrary FTP commands in context of the user's FTP client, when a user is enticed to click on a specially crafted FTP URI.

2) An input validation error can cause applications using CFNetwork to become vulnerable to HTTP response splitting attacks.

3) A design error exists in the Java interface to CoreAudio, which can be exploited to free arbitrary memory, when a user is enticed to visit a web site containing a specially crafted Java applet.

4) An unspecified error exists in the Java interface to CoreAudio, which can be exploited to read or write out of bounds of the allocated heap by enticing a user to visit a web site containing a specially crafted Java applet.

5) A unspecified error exists in the Java interface to CoreAudio, which can be exploited to instantiate or manipulate objects outside the bounds of the allocated heap, when a user is enticed to visit a web site containing a specially crafted Java applet.

Successful exploitation of vulnerabilities #3 to #5 may allow arbitrary code execution.

For more information: SA13237

7) A boundary error within the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code in iChat can be exploited on the local network to crash the application or to execute arbitrary code, by sending a specially crafted packet.

8) Some vulnerabilities in Kerberos can be exploited by malicious users and malicious people to compromise a vulnerable system.

For more information: SA25800

9) An error within the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code in mDNSResponder can be exploited on the local network to crash the application or to execute arbitrary code, by sending a specially crafted packet.

10) An integer underflow exists in PDFKit within the handling of PDF files in Preview and may be exploited to execute arbitrary code when a user opens a specially crafted PDF file.

11) Multiple vulnerabilities exist in PHP, which can be exploited to disclose potentially sensitive information, to cause a DoS (Denial of Service), to bypass certain security restrictions, to conduct cross-site scripting attacks, or to compromise a vulnerable system.

For more information: SA24814 SA24356 SA24440 SA24505 SA24542 SA25123

12) An error exists in Quartz Composer due to an uninitialized object pointer when handling Quartz Composer files and may be exploited to execute arbitrary code when a specially crafted Quartz Composer file is viewed.

13) Some vulnerabilities exist in Samba, which can be exploited by malicious people to compromise a vulnerable system.

For more information: SA25232

14) An unspecified error in Samba can be exploited to bypass file system quotas.

15) Some vulnerabilities in Squirrelmail can be exploited by malicious people to disclose and manipulate certain sensitive information or to conduct cross-site scripting, cross-site request forgery, and script insertion attacks.

For more information: SA16987 SA20406 SA21354 SA23195 SA25200

16) Some vulnerabilities in Apache Tomcat can be exploited by malicious people to conduct cross-site scripting attacks or to bypass certain security restrictions.

For more information: SA24732 SA25383 SA25721

17) An error in WebCore can be exploited to load Java applets even when Java is disabled in the preferences.

18) An error in WebCore can be exploited to conduct cross-site scripting attacks.

For more information see vulnerability #1 in: SA23893

19) An error in WebCore can be exploited by malicious people to gain knowledge of sensitive information.

21) An error in WebKit within in the handling of International Domain Name (IDN) support and Unicode fonts embedded in Safari can be exploited to spoof a URL.

This is similar to: SA14164

22) A boundary error in the Perl Compatible Regular Expressions (PCRE) library in WebKit and used by the JavaScript engine in Safari can be exploited to cause a heap-based buffer overflow when a user visits a malicious web page.

23) Input validation errors exists in bzgrep and zgrep.

For more information: SA15047

SOLUTION: Apply Security Update 2007-007.

Security Update 2007-007 (10.4.10 Server Universal): http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html

Security Update 2007-007 (10.4.10 Universal): http://www.apple.com/support/downloads/securityupdate200700710410universal.html

Security Update 2007-007 (10.4.10 Server PPC): http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html

Security Update 2007-007 (10.4.10 PPC): http://www.apple.com/support/downloads/securityupdate200700710410ppc.html

Security Update 2007-007 (10.3.9 Server): http://www.apple.com/support/downloads/securityupdate20070071039server.html

Security Update 2007-007 (10.3.9): http://www.apple.com/support/downloads/securityupdate20070071039.html

PROVIDED AND/OR DISCOVERED BY: 2) The vendor credits Steven Kramer, sprintteam.nl. 14) The vendor credits Mike Matz, Wyomissing Area School District. 17) The vendor credits Scott Wilde. 19) Secunia Research 22) The vendor credits Charlie Miller and Jake Honoroff of Independent Security Evaluators.

ORIGINAL ADVISORY: http://docs.info.apple.com/article.html?artnum=306172

OTHER REFERENCES: SA13237: http://secunia.com/advisories/13237/

SA15047: http://secunia.com/advisories/15047/

SA16987: http://secunia.com/advisories/16987/

SA20406: http://secunia.com/advisories/20406/

SA21354: http://secunia.com/advisories/21354/

SA22588: http://secunia.com/advisories/22588/

SA23195: http://secunia.com/advisories/23195/

SA23893: http://secunia.com/advisories/23893/

SA24814: http://secunia.com/advisories/24814/

SA24356: http://secunia.com/advisories/24356/

SA24440: http://secunia.com/advisories/24440/

SA24505: http://secunia.com/advisories/24505/

SA24542: http://secunia.com/advisories/24542/

SA24732: http://secunia.com/advisories/24732/

SA25800: http://secunia.com/advisories/25800/

SA25123: http://secunia.com/advisories/25123/

SA25200: http://secunia.com/advisories/25200/

SA25232: http://secunia.com/advisories/25232/

SA25383: http://secunia.com/advisories/25383/

SA25721: http://secunia.com/advisories/25721/

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200708-0468",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webcore",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "*"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.3.9 and  10.4.10"
      },
      {
        "model": "webcore",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.4.10"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.3.9"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.4.10"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.3.9"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.9"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "25159"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001950"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2410"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-048"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:webcore:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2410"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-048"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-2410",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2007-2410",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-25772",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-2410",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200708-048",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-25772",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25772"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001950"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2410"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-048"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of certain global objects when a new URL is visited in the same window, which allows remote attackers to conduct cross-site scripting (XSS) attacks. Apple Mac OS X is prone to multiple security vulnerabilities. \nThese issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore. \nAttackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. \nApple Mac OS X 10.4.10 and prior versions are vulnerable to these issues. \n\n----------------------------------------------------------------------\n\nBETA test the new Secunia Personal Software Inspector!\n\nThe Secunia PSI detects installed software on your computer and\ncategorises it as either Insecure, End-of-Life, or Up-To-Date. \nEffectively enabling you to focus your attention on software\ninstallations where more secure versions are available from the\nvendors. \n\nDownload the free PSI BETA from the Secunia website:\nhttps://psi.secunia.com/\n\n----------------------------------------------------------------------\n\nTITLE:\nMac OS X Security Update Fixes Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA26235\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26235/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSecurity Bypass, Cross Site Scripting, Spoofing, Manipulation of\ndata, Exposure of sensitive information, Privilege escalation, DoS,\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nApple Macintosh OS X\nhttp://secunia.com/product/96/\n\nDESCRIPTION:\nApple has issued a security update for Mac OS X, which fixes multiple\nvulnerabilities. \n\n1) An error within the handling of FTP URIs in CFNetwork can be\nexploited to run arbitrary FTP commands in context of the user\u0027s FTP\nclient, when a user is enticed to click on a specially crafted FTP\nURI. \n\n2) An input validation error can cause applications using CFNetwork\nto become vulnerable to HTTP response splitting attacks. \n\n3) A design error exists in the Java interface to CoreAudio, which\ncan be exploited to free arbitrary memory, when a user is enticed to\nvisit a web site containing a specially crafted Java applet. \n\n4) An unspecified error exists in the Java interface to CoreAudio,\nwhich can be exploited to read or write out of bounds of the\nallocated heap by enticing a user to visit a web site containing a\nspecially crafted Java applet. \n\n5) A unspecified error exists in the Java interface to CoreAudio,\nwhich can be exploited to instantiate or manipulate objects outside\nthe bounds of the allocated heap, when a user is enticed to visit a\nweb site containing a specially crafted Java applet. \n\nSuccessful exploitation of vulnerabilities #3 to #5 may allow\narbitrary code execution. \n\nFor more information:\nSA13237\n\n7) A boundary error within the UPnP IGD (Internet Gateway Device\nStandardized Device Control Protocol) code in iChat can be exploited\non the local network to crash the application or to execute arbitrary\ncode, by sending a specially crafted packet. \n\n8) Some vulnerabilities in Kerberos can be exploited by malicious\nusers and malicious people to compromise a vulnerable system. \n\nFor more information:\nSA25800\n\n9) An error within the UPnP IGD (Internet Gateway Device Standardized\nDevice Control Protocol) code in mDNSResponder can be exploited on the\nlocal network to crash the application or to execute arbitrary code,\nby sending a specially crafted packet. \n\n10) An integer underflow exists in PDFKit within the handling of PDF\nfiles in Preview and may be exploited to execute arbitrary code when\na user opens a specially crafted PDF file. \n\n11) Multiple vulnerabilities exist in PHP, which can be exploited to\ndisclose potentially sensitive information, to cause a DoS (Denial of\nService), to bypass certain security restrictions, to conduct\ncross-site scripting attacks, or to compromise a vulnerable system. \n\nFor more information:\nSA24814\nSA24356\nSA24440\nSA24505\nSA24542\nSA25123\n\n12) An error exists in Quartz Composer due to an uninitialized object\npointer when handling Quartz Composer files and may be exploited to\nexecute arbitrary code when a specially crafted Quartz Composer file\nis viewed. \n\n13) Some vulnerabilities exist in Samba, which can be exploited by\nmalicious people to compromise a vulnerable system. \n\nFor more information:\nSA25232\n\n14) An unspecified error in Samba can be exploited to bypass file\nsystem quotas. \n\n15) Some vulnerabilities in Squirrelmail can be exploited by\nmalicious people to disclose and manipulate certain sensitive\ninformation or to conduct cross-site scripting, cross-site request\nforgery, and script insertion attacks. \n\nFor more information:\nSA16987\nSA20406\nSA21354\nSA23195\nSA25200\n\n16) Some vulnerabilities in Apache Tomcat can be exploited by\nmalicious people to conduct cross-site scripting attacks or to bypass\ncertain security restrictions. \n\nFor more information:\nSA24732\nSA25383\nSA25721\n\n17) An error in WebCore can be exploited to load Java applets even\nwhen Java is disabled in the preferences. \n\n18) An error in WebCore can be exploited to conduct cross-site\nscripting attacks. \n\nFor more information see vulnerability #1 in:\nSA23893\n\n19) An error in WebCore can be exploited by malicious people to gain\nknowledge of sensitive information. \n\n21) An error in WebKit within in the handling of International Domain\nName (IDN) support and Unicode fonts embedded in Safari can be\nexploited to spoof a URL. \n\nThis is similar to:\nSA14164\n\n22) A boundary error in the Perl Compatible Regular Expressions\n(PCRE) library in WebKit and used by the JavaScript engine in Safari\ncan be exploited to cause a heap-based buffer overflow when a user\nvisits a malicious web page. \n\n23) Input validation errors exists in bzgrep and  zgrep. \n\nFor more information:\nSA15047\n\nSOLUTION:\nApply Security Update 2007-007. \n\nSecurity Update 2007-007 (10.4.10 Server Universal):\nhttp://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html\n\nSecurity Update 2007-007 (10.4.10 Universal):\nhttp://www.apple.com/support/downloads/securityupdate200700710410universal.html\n\nSecurity Update 2007-007 (10.4.10 Server PPC):\nhttp://www.apple.com/support/downloads/securityupdate200700710410serverppc.html\n\nSecurity Update 2007-007 (10.4.10 PPC):\nhttp://www.apple.com/support/downloads/securityupdate200700710410ppc.html\n\nSecurity Update 2007-007 (10.3.9 Server):\nhttp://www.apple.com/support/downloads/securityupdate20070071039server.html\n\nSecurity Update 2007-007 (10.3.9):\nhttp://www.apple.com/support/downloads/securityupdate20070071039.html\n\nPROVIDED AND/OR DISCOVERED BY:\n2) The vendor credits Steven Kramer, sprintteam.nl. \n14) The vendor credits Mike Matz, Wyomissing Area School District. \n17) The vendor credits Scott Wilde. \n19) Secunia Research\n22) The vendor credits Charlie Miller and Jake Honoroff of\nIndependent Security Evaluators. \n\nORIGINAL ADVISORY:\nhttp://docs.info.apple.com/article.html?artnum=306172\n\nOTHER REFERENCES:\nSA13237:\nhttp://secunia.com/advisories/13237/\n\nSA15047:\nhttp://secunia.com/advisories/15047/\n\nSA16987:\nhttp://secunia.com/advisories/16987/\n\nSA20406:\nhttp://secunia.com/advisories/20406/\n\nSA21354:\nhttp://secunia.com/advisories/21354/\n\nSA22588:\nhttp://secunia.com/advisories/22588/\n\nSA23195:\nhttp://secunia.com/advisories/23195/\n\nSA23893:\nhttp://secunia.com/advisories/23893/\n\nSA24814:\nhttp://secunia.com/advisories/24814/\n\nSA24356:\nhttp://secunia.com/advisories/24356/\n\nSA24440:\nhttp://secunia.com/advisories/24440/\n\nSA24505:\nhttp://secunia.com/advisories/24505/\n\nSA24542:\nhttp://secunia.com/advisories/24542/\n\nSA24732:\nhttp://secunia.com/advisories/24732/\n\nSA25800:\nhttp://secunia.com/advisories/25800/\n\nSA25123:\nhttp://secunia.com/advisories/25123/\n\nSA25200:\nhttp://secunia.com/advisories/25200/\n\nSA25232:\nhttp://secunia.com/advisories/25232/\n\nSA25383:\nhttp://secunia.com/advisories/25383/\n\nSA25721:\nhttp://secunia.com/advisories/25721/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2410"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001950"
      },
      {
        "db": "BID",
        "id": "25159"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25772"
      },
      {
        "db": "PACKETSTORM",
        "id": "58225"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-2410",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "25159",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "26235",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2732",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1018494",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001950",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-048",
        "trust": 0.7
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2007-07-31",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "35743",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-25772",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58225",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25772"
      },
      {
        "db": "BID",
        "id": "25159"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001950"
      },
      {
        "db": "PACKETSTORM",
        "id": "58225"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2410"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-048"
      }
    ]
  },
  "id": "VAR-200708-0468",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25772"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:47:38.553000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2007-07-31",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce//2007/jul/msg00004.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001950"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2410"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://docs.info.apple.com/article.html?artnum=306172"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce//2007/jul/msg00004.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/25159"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1018494"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/26235"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/2732"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35743"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2410"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2410"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/2732"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/35743"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/475770"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate20070071039server.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/25721/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/23893/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/24440/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/24732/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/20406/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/23195/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/15047/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/25383/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/24542/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate20070071039.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate200700710410universal.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/13237/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/25800/"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/24814/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/25200/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate200700710410ppc.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/21354/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/24505/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/25232/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/25123/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/26235/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/16987/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/96/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/22588/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/24356/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25772"
      },
      {
        "db": "BID",
        "id": "25159"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001950"
      },
      {
        "db": "PACKETSTORM",
        "id": "58225"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2410"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-048"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-25772"
      },
      {
        "db": "BID",
        "id": "25159"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001950"
      },
      {
        "db": "PACKETSTORM",
        "id": "58225"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2410"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-048"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-08-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25772"
      },
      {
        "date": "2007-08-01T00:00:00",
        "db": "BID",
        "id": "25159"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001950"
      },
      {
        "date": "2007-08-08T04:01:26",
        "db": "PACKETSTORM",
        "id": "58225"
      },
      {
        "date": "2007-08-03T10:17:00",
        "db": "NVD",
        "id": "CVE-2007-2410"
      },
      {
        "date": "2006-06-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200708-048"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25772"
      },
      {
        "date": "2007-08-08T00:34:00",
        "db": "BID",
        "id": "25159"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001950"
      },
      {
        "date": "2017-07-29T01:31:25.987000",
        "db": "NVD",
        "id": "CVE-2007-2410"
      },
      {
        "date": "2007-08-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200708-048"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-048"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "WebCore Vulnerable to cross-site scripting attacks",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001950"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-048"
      }
    ],
    "trust": 0.6
  }
}

GSD-2007-2410

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-2410

Aliases

CVE-2007-2410

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-2410",
    "description": "WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of certain global objects when a new URL is visited in the same window, which allows remote attackers to conduct cross-site scripting (XSS) attacks.",
    "id": "GSD-2007-2410"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-2410"
      ],
      "details": "WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of certain global objects when a new URL is visited in the same window, which allows remote attackers to conduct cross-site scripting (XSS) attacks.",
      "id": "GSD-2007-2410",
      "modified": "2023-12-13T01:21:38.077068Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-2410",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of certain global objects when a new URL is visited in the same window, which allows remote attackers to conduct cross-site scripting (XSS) attacks."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2007-2732",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2732"
          },
          {
            "name": "APPLE-SA-2007-07-31",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
          },
          {
            "name": "1018494",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1018494"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=306172",
            "refsource": "CONFIRM",
            "url": "http://docs.info.apple.com/article.html?artnum=306172"
          },
          {
            "name": "25159",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/25159"
          },
          {
            "name": "safari-global-objects-security-bypass(35743)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35743"
          },
          {
            "name": "26235",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26235"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:webcore:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2410"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of certain global objects when a new URL is visited in the same window, which allows remote attackers to conduct cross-site scripting (XSS) attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://docs.info.apple.com/article.html?artnum=306172",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://docs.info.apple.com/article.html?artnum=306172"
            },
            {
              "name": "APPLE-SA-2007-07-31",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
            },
            {
              "name": "25159",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/25159"
            },
            {
              "name": "1018494",
              "refsource": "SECTRACK",
              "tags": [
                "Patch"
              ],
              "url": "http://securitytracker.com/id?1018494"
            },
            {
              "name": "26235",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26235"
            },
            {
              "name": "ADV-2007-2732",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2732"
            },
            {
              "name": "safari-global-objects-security-bypass(35743)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35743"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-07-29T01:31Z",
      "publishedDate": "2007-08-03T10:17Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-2410 (GCVE-0-2007-2410)

FKIE_CVE-2007-2410

CERTA-2007-AVI-340

Description

Solution

CERTA-2007-AVI-340

Description

Solution

GHSA-MXMV-PJJ2-646C

VAR-200708-0468

GSD-2007-2410

Tags

Sightings

Nomenclature