cvelistv5 - cve-2004-1121

CVE-2004-1121 (GCVE-0-2004-1121)

Vulnerability from cvelistv5 – Published: 2005-04-14 04:00 – Updated: 2024-08-08 00:39

Summary

Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.kb.cert.org/vuls/id/925430	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/bid/11573	vdb-entryx_refsource_BID
	http://secunia.com/advisories/13047/	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:39:00.843Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#925430",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/925430"
          },
          {
            "name": "11573",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11573"
          },
          {
            "name": "13047",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/13047/"
          },
          {
            "name": "ie-table-status-spoofing(17909)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17909"
          },
          {
            "name": "APPLE-SA-2004-12-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-12-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "VU#925430",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/925430"
        },
        {
          "name": "11573",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11573"
        },
        {
          "name": "13047",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/13047/"
        },
        {
          "name": "ie-table-status-spoofing(17909)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17909"
        },
        {
          "name": "APPLE-SA-2004-12-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1121",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#925430",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/925430"
            },
            {
              "name": "11573",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11573"
            },
            {
              "name": "13047",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/13047/"
            },
            {
              "name": "ie-table-status-spoofing(17909)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17909"
            },
            {
              "name": "APPLE-SA-2004-12-02",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1121",
    "datePublished": "2005-04-14T04:00:00",
    "dateReserved": "2004-12-01T00:00:00",
    "dateUpdated": "2024-08-08T00:39:00.843Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A419AE8-F5A2-4E25-9004-AAAB325E201A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"857C92E2-6870-409A-9457-75F8C5C7B959\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"443FF271-A3AB-4659-80B2-89F771BF5371\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:1.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3112AFEB-7893-467C-8B45-A44D5697BB79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:1.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1FC83309-3A97-4619-B5C1-574610838BC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:1.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"891514D5-50C8-4EDC-81C5-24ABF8BCC022\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags.\"}]",
      "id": "CVE-2004-1121",
      "lastModified": "2024-11-20T23:50:09.680",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2004-11-01T05:00:00.000",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/13047/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/925430\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/11573\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/17909\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/13047/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/925430\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/11573\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/17909\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2004-1121\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2004-11-01T05:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A419AE8-F5A2-4E25-9004-AAAB325E201A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"857C92E2-6870-409A-9457-75F8C5C7B959\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"443FF271-A3AB-4659-80B2-89F771BF5371\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3112AFEB-7893-467C-8B45-A44D5697BB79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FC83309-3A97-4619-B5C1-574610838BC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:1.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"891514D5-50C8-4EDC-81C5-24ABF8BCC022\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/13047/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/925430\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/11573\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/17909\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/13047/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/925430\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/11573\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/17909\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-200411-0166

Vulnerability from variot - Updated: 2023-12-18 10:48

Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags. Multiple web browsers do not properly display the location of HTML documents in the status bar. An attacker could exploit this behavior to mislead users into revealing sensitive information. Multiple security vulnerabilities are reported to affect Apple Mac OS X. These issues were disclosed in the referenced vendor advisory. The first issue affects Apple's Apache configuration. Apparently Apple's default Apache configuration fails to properly block access to certain files. This issue has been assigned the CVE ID CAN-2004-1083 and is resolved in the attached Apple security update. The second issue reported in the referenced advisory affects the Apache web server on Mac OS X. This issue arises due to a failure of the affected server to properly handle HFS+ files system file resources. This issue has been assigned the CVE ID CAN-2004-1084 and is resolved in the attached Apple security update. The third issue affects Apple's windowing system and development kit (Appkit). This issue will allow and attacker to capture keyboard input that is supposed to be secure. This issue has been assigned the CVE ID CAN-2004-1081 and is resolved in the attached security update. The fourth issue surrounds the Cyrus IMAP server implementation when working with Kerberos authentication and may facilitate authentication bypass attacks. It should be noted that this issue only affects Mac OS X Server 10.3.X and earlier. This issue has been assigned CVE ID CAN-2004-1089 and is resolved in the attached security update. The fifth issue surrounds the HIToolBox. It affects only Mac OS X, and Mac OS X Server 10.3.X, the 10.2.X systems are not affected. This issue may allow an attacker to kill applications when running in kiosk mode. This issue has been assigned CVE ID CAN-2004-1085 and is resolved in the attached security update. The sixth issue affects the Postfix functionality on Mac OS X 10.3.X desktop and server. This issue may allow an attacker to send mail without requiring authentication. This issue has been assigned CVE ID CAN-2004-1088 and is resolved in the attached security update. The seventh issue surrounds the PSNormalizer utilities on Mac OS X 10.3.X desktop and server. This issue may allow an attacker to execute arbitrary code in the context of a user running a vulnerable version of the operating system. This issue has been assigned the CVE ID CAN-2004-1086 and is resolved in the attached security update. The eighth issue affects the QuickTime Streaming Server. An attacker may leverage this issue to trigger a denial of service condition in the affected server. This issue has been assigned the CVE ID CAN-2004-1123 and is resolved in the attached security update. Finally, a vulnerability affects Apple's Terminal application. This issue may lead to a false sense of security as the affected application may report that the 'Secure Keyboard Entry' functionality is active when it is not. This issue has been assigned the CVE ID CAN-2004-1087 and is resolved in the attached security update. An attacker may leverage these issues to carry out information disclosure, authentication bypass, code execution, privilege escalation, a false sense of security, and denial of service attacks. A URI obfuscation weakness reportedly affects the Apple Safari Web Browser. This issue may be leveraged by an attacker to display false information in the status bar of an unsuspecting user, allowing an attacker to present web pages to users that seem to originate from a trusted location. The CVE ID for this issue is CAN-2004-1083. The CVE ID of this problem is CAN-2004-1084. The CVE ID for this issue is CAN-2004-1089. The CVE ID for this issue is CAN-2004-1085. The CVE ID of this problem is CAN-2004-1088. The CVE ID for this issue is CAN-2004-1086. Attackers can use this vulnerability to carry out denial-of-service attacks on the service program. The CVE ID for this issue is CAN-2004-1123. The CVE ID for this issue is CAN-2004-1087. TITLE: Safari "Javascript Disabled" Status Bar Spoofing

SECUNIA ADVISORY ID: SA13047

VERIFY ADVISORY: http://secunia.com/advisories/13047/

CRITICAL: Not critical

IMPACT: Security Bypass

WHERE:

From remote

SOFTWARE: Safari 1.x http://secunia.com/product/1543/

DESCRIPTION: A weakness has been discovered in Safari, which can be exploited by malicious people to trick users into visiting a malicious website by obfuscating URLs.

For more information: SA13015

Successful exploitation allows a malicious web site to obfuscate URLs in the status bar, even when javascript support has been disabled.

The vulnerability has been confirmed in version 1.2.3. Other versions may also be affected.

SOLUTION: Never follow links from untrusted sources.

PROVIDED AND/OR DISCOVERED BY: Reported in Safari by: dereklam

Vulnerability originally discovered by: Benjamin Tobias Franz

OTHER REFERENCES: SA13015: http://secunia.com/advisories/13015/

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200411-0166",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "1.2.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "1.2.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "1.2.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "quicktime streaming server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "quicktime streaming server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.3"
      },
      {
        "model": "quicktime streaming server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2"
      },
      {
        "model": "darwin streaming server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#925430"
      },
      {
        "db": "BID",
        "id": "11802"
      },
      {
        "db": "BID",
        "id": "11573"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1121"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-001"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-1121"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-001"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2004-1121",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-9551",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2004-1121",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#925430",
            "trust": 0.8,
            "value": "0.33"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200411-001",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-9551",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#925430"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9551"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1121"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-001"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags. Multiple web browsers do not properly display the location of HTML documents in the status bar. An attacker could exploit this behavior to mislead users into revealing sensitive information. Multiple security vulnerabilities are reported to affect Apple Mac OS X.  These issues were disclosed in the referenced vendor advisory. \nThe first issue affects Apple\u0027s Apache configuration.  Apparently Apple\u0027s default Apache configuration fails to properly block access to certain files. This issue has been assigned the CVE ID CAN-2004-1083 and is resolved in the attached Apple security update. \nThe second issue reported in the referenced advisory affects the Apache web server on Mac OS X.  This issue arises due to a failure of the affected server to properly handle HFS+ files system file resources. This issue has been assigned the CVE ID CAN-2004-1084 and is resolved in the attached Apple security update. \nThe third issue affects Apple\u0027s windowing system and development kit (Appkit).  This issue will allow and attacker to capture keyboard input that is supposed to be secure. This issue has been assigned the CVE ID CAN-2004-1081 and is resolved in the attached security update. \nThe fourth issue surrounds the Cyrus IMAP server implementation when working with Kerberos authentication and may facilitate authentication bypass attacks.  It should be noted that this issue only affects Mac OS X Server 10.3.X and earlier. This issue has been assigned CVE ID CAN-2004-1089 and is resolved in the attached security update. \nThe fifth issue surrounds the HIToolBox.  It affects only Mac OS X, and Mac OS X Server 10.3.X, the 10.2.X systems are not affected.  This issue may allow an attacker to kill applications when running in kiosk mode. This issue has been assigned CVE ID CAN-2004-1085 and is resolved in the attached security update. \nThe sixth issue affects the Postfix functionality on Mac OS X 10.3.X desktop and server.  This issue may allow an attacker to send mail without requiring authentication. This issue has been assigned CVE ID CAN-2004-1088 and is resolved in the attached security update. \nThe seventh issue surrounds the PSNormalizer utilities on Mac OS X 10.3.X desktop and server.  This issue may allow an attacker to execute arbitrary code in the context of a user running a vulnerable version of the operating system. This issue has been assigned the CVE ID CAN-2004-1086 and is resolved in the attached security update. \nThe eighth issue affects the QuickTime Streaming Server. An attacker may leverage this issue to trigger a denial of service condition in the affected server. This issue has been assigned the CVE ID CAN-2004-1123 and is resolved in the attached security update. \nFinally, a vulnerability affects Apple\u0027s Terminal application.  This issue may lead to a false sense of security as the affected application may report that the \u0027Secure Keyboard Entry\u0027 functionality is active when it is not. This issue has been assigned the CVE ID CAN-2004-1087 and is resolved in the attached security update. \nAn attacker may leverage these issues to carry out information disclosure, authentication bypass, code execution, privilege escalation, a false sense of security, and denial of service attacks. A URI obfuscation weakness reportedly affects the Apple Safari Web Browser. \nThis issue may be leveraged by an attacker to display false information in the status bar of an unsuspecting user, allowing an attacker to present web pages to users that seem to originate from a trusted location. The CVE ID for this issue is CAN-2004-1083. The CVE ID of this problem is CAN-2004-1084. The CVE ID for this issue is CAN-2004-1089. The CVE ID for this issue is CAN-2004-1085. The CVE ID of this problem is CAN-2004-1088. The CVE ID for this issue is CAN-2004-1086. Attackers can use this vulnerability to carry out denial-of-service attacks on the service program. The CVE ID for this issue is CAN-2004-1123. The CVE ID for this issue is CAN-2004-1087. \nTITLE:\nSafari \"Javascript Disabled\" Status Bar Spoofing\n\nSECUNIA ADVISORY ID:\nSA13047\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/13047/\n\nCRITICAL:\nNot critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nSafari 1.x\nhttp://secunia.com/product/1543/\n\nDESCRIPTION:\nA weakness has been discovered in Safari, which can be exploited by\nmalicious people to trick users into visiting a malicious website by\nobfuscating URLs. \n\nFor more information:\nSA13015\n\nSuccessful exploitation allows a malicious web site to obfuscate URLs\nin the status bar, even when javascript support has been disabled. \n\nThe vulnerability has been confirmed in version 1.2.3. Other versions\nmay also be affected. \n\nSOLUTION:\nNever follow links from untrusted sources. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported in Safari by:\ndereklam\n\nVulnerability originally discovered by:\nBenjamin Tobias Franz\n\nOTHER REFERENCES:\nSA13015:\nhttp://secunia.com/advisories/13015/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org\n\n----------------------------------------------------------------------\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-1121"
      },
      {
        "db": "CERT/CC",
        "id": "VU#925430"
      },
      {
        "db": "BID",
        "id": "11802"
      },
      {
        "db": "BID",
        "id": "11573"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9551"
      },
      {
        "db": "PACKETSTORM",
        "id": "34917"
      }
    ],
    "trust": 2.34
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-9551",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-9551"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "13047",
        "trust": 2.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#925430",
        "trust": 2.5
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1121",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "11573",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1011987",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "13015",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-001",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "17909",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2004-12-02",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "11802",
        "trust": 0.3
      },
      {
        "db": "EXPLOIT-DB",
        "id": "24716",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-78408",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-9551",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "34917",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#925430"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9551"
      },
      {
        "db": "BID",
        "id": "11802"
      },
      {
        "db": "BID",
        "id": "11573"
      },
      {
        "db": "PACKETSTORM",
        "id": "34917"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1121"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-001"
      }
    ]
  },
  "id": "VAR-200411-0166",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-9551"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:48:37.207000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-1121"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://secunia.com/advisories/13047/"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2004/dec/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/11573"
      },
      {
        "trust": 1.7,
        "url": "http://www.kb.cert.org/vuls/id/925430"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17909"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/13015/"
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/alerts/2004/oct/1011987.html"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/17909"
      },
      {
        "trust": 0.3,
        "url": "http://developer.apple.com/darwin/projects/streaming/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.3,
        "url": "www.idefense.com/application/poi/display?id=159\u0026type=vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/379764"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/380094"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1543/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#925430"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9551"
      },
      {
        "db": "BID",
        "id": "11802"
      },
      {
        "db": "BID",
        "id": "11573"
      },
      {
        "db": "PACKETSTORM",
        "id": "34917"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1121"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-001"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#925430"
      },
      {
        "db": "VULHUB",
        "id": "VHN-9551"
      },
      {
        "db": "BID",
        "id": "11802"
      },
      {
        "db": "BID",
        "id": "11573"
      },
      {
        "db": "PACKETSTORM",
        "id": "34917"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1121"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-001"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-11-04T00:00:00",
        "db": "CERT/CC",
        "id": "VU#925430"
      },
      {
        "date": "2004-11-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-9551"
      },
      {
        "date": "2004-12-03T00:00:00",
        "db": "BID",
        "id": "11802"
      },
      {
        "date": "2004-11-01T00:00:00",
        "db": "BID",
        "id": "11573"
      },
      {
        "date": "2004-11-02T03:43:48",
        "db": "PACKETSTORM",
        "id": "34917"
      },
      {
        "date": "2004-11-01T05:00:00",
        "db": "NVD",
        "id": "CVE-2004-1121"
      },
      {
        "date": "2003-07-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200411-001"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-11-05T00:00:00",
        "db": "CERT/CC",
        "id": "VU#925430"
      },
      {
        "date": "2017-07-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-9551"
      },
      {
        "date": "2015-03-19T08:49:00",
        "db": "BID",
        "id": "11802"
      },
      {
        "date": "2009-07-12T08:06:00",
        "db": "BID",
        "id": "11573"
      },
      {
        "date": "2017-07-11T01:30:45.620000",
        "db": "NVD",
        "id": "CVE-2004-1121"
      },
      {
        "date": "2005-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200411-001"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "11802"
      },
      {
        "db": "BID",
        "id": "11573"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple web browsers do not properly interpret TABLE elements when displaying URLs in the status bar",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#925430"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200411-001"
      }
    ],
    "trust": 0.6
  }
}

GSD-2004-1121

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags.

Aliases

CVE-2004-1121

Aliases

CVE-2004-1121

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2004-1121",
    "description": "Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags.",
    "id": "GSD-2004-1121"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2004-1121"
      ],
      "details": "Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags.",
      "id": "GSD-2004-1121",
      "modified": "2023-12-13T01:22:56.634678Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2004-1121",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "VU#925430",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/925430"
          },
          {
            "name": "11573",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/11573"
          },
          {
            "name": "13047",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/13047/"
          },
          {
            "name": "ie-table-status-spoofing(17909)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17909"
          },
          {
            "name": "APPLE-SA-2004-12-02",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1121"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2004-12-02",
              "refsource": "APPLE",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html"
            },
            {
              "name": "VU#925430",
              "refsource": "CERT-VN",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/925430"
            },
            {
              "name": "11573",
              "refsource": "BID",
              "tags": [
                "Exploit",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.securityfocus.com/bid/11573"
            },
            {
              "name": "13047",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/13047/"
            },
            {
              "name": "ie-table-status-spoofing(17909)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17909"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-11T01:30Z",
      "publishedDate": "2004-11-01T05:00Z"
    }
  }
}

GHSA-GJW4-3R4P-3GVV

Vulnerability from github – Published: 2022-04-29 02:58 – Updated: 2025-04-03 04:01

Details

Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2004-1121"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2004-11-01T05:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags.",
  "id": "GHSA-gjw4-3r4p-3gvv",
  "modified": "2025-04-03T04:01:39Z",
  "published": "2022-04-29T02:58:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-1121"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17909"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/13047"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/925430"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/11573"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2004-1121

Vulnerability from fkie_nvd - Published: 2004-11-01 05:00 - Updated: 2025-04-03 01:03

Severity ?

Summary

Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags.

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/13047/	Patch, Vendor Advisory
cve@mitre.org	http://www.kb.cert.org/vuls/id/925430	Patch, Third Party Advisory, US Government Resource
cve@mitre.org	http://www.securityfocus.com/bid/11573	Exploit, Patch, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/17909
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/13047/	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/925430	Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/11573	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/17909

Impacted products

Vendor	Product	Version
apple	safari	1.0
apple	safari	1.1
apple	safari	1.2
apple	safari	1.2.1
apple	safari	1.2.2
apple	safari	1.2.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A419AE8-F5A2-4E25-9004-AAAB325E201A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "857C92E2-6870-409A-9457-75F8C5C7B959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "443FF271-A3AB-4659-80B2-89F771BF5371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3112AFEB-7893-467C-8B45-A44D5697BB79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FC83309-3A97-4619-B5C1-574610838BC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "891514D5-50C8-4EDC-81C5-24ABF8BCC022",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags."
    }
  ],
  "id": "CVE-2004-1121",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-11-01T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/13047/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/925430"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11573"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17909"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/13047/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/925430"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11573"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17909"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2004-1121 (GCVE-0-2004-1121)

VAR-200411-0166

GSD-2004-1121

GHSA-GJW4-3R4P-3GVV

FKIE_CVE-2004-1121

Tags

Sightings

Nomenclature