cvelistv5 - cve-2007-2398

cve-2007-2398

Vulnerability from cvelistv5

Published

2007-06-21 10:00

Modified

2024-08-07 13:33

Severity ?

Summary

References

▼	URL	Tags
	cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html
	cve@mitre.org	http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html
	cve@mitre.org	http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html
	cve@mitre.org	http://osvdb.org/38862
	cve@mitre.org	http://support.apple.com/kb/HT1467
	cve@mitre.org	http://www.securityfocus.com/archive/1/471452/100/0/threaded
	cve@mitre.org	http://www.securityfocus.com/archive/1/471454/100/0/threaded
	cve@mitre.org	http://www.securityfocus.com/bid/24484
	cve@mitre.org	http://www.securitytracker.com/id?1018282
	cve@mitre.org	http://www.vupen.com/english/advisories/2007/2316
	cve@mitre.org	http://www.vupen.com/english/advisories/2008/0979/references
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/35050
	af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/38862
	af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT1467
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/471452/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/471454/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24484
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018282
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2316
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0979/references
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/35050

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:33:28.675Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "38862",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38862"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT1467"
          },
          {
            "name": "ADV-2007-2316",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2316"
          },
          {
            "name": "ADV-2008-0979",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0979/references"
          },
          {
            "name": "APPLE-SA-2007-06-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"
          },
          {
            "name": "APPLE-SA-2008-04-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html"
          },
          {
            "name": "1018282",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018282"
          },
          {
            "name": "20070614 Re: Apple Safari: urlbar/window title spoofing",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html"
          },
          {
            "name": "safari-addressbar-spoofing(35050)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35050"
          },
          {
            "name": "20070614 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471452/100/0/threaded"
          },
          {
            "name": "24484",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24484"
          },
          {
            "name": "20070615 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471454/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "38862",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38862"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT1467"
        },
        {
          "name": "ADV-2007-2316",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2316"
        },
        {
          "name": "ADV-2008-0979",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0979/references"
        },
        {
          "name": "APPLE-SA-2007-06-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"
        },
        {
          "name": "APPLE-SA-2008-04-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html"
        },
        {
          "name": "1018282",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018282"
        },
        {
          "name": "20070614 Re: Apple Safari: urlbar/window title spoofing",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html"
        },
        {
          "name": "safari-addressbar-spoofing(35050)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35050"
        },
        {
          "name": "20070614 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/471452/100/0/threaded"
        },
        {
          "name": "24484",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24484"
        },
        {
          "name": "20070615 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/471454/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2398",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "38862",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38862"
            },
            {
              "name": "http://support.apple.com/kb/HT1467",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT1467"
            },
            {
              "name": "ADV-2007-2316",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2316"
            },
            {
              "name": "ADV-2008-0979",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0979/references"
            },
            {
              "name": "APPLE-SA-2007-06-22",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"
            },
            {
              "name": "APPLE-SA-2008-04-16",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html"
            },
            {
              "name": "1018282",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018282"
            },
            {
              "name": "20070614 Re: Apple Safari: urlbar/window title spoofing",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html"
            },
            {
              "name": "safari-addressbar-spoofing(35050)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35050"
            },
            {
              "name": "20070614 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/471452/100/0/threaded"
            },
            {
              "name": "24484",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24484"
            },
            {
              "name": "20070615 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/471454/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2398",
    "datePublished": "2007-06-21T10:00:00",
    "dateReserved": "2007-04-30T00:00:00",
    "dateUpdated": "2024-08-07T13:33:28.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"377F7D0C-6B44-4B90-BF90-DAF959880C6D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*\", \"matchCriteriaId\": \"3E61C168-482B-412A-97E8-B1C651797EDF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.\"}, {\"lang\": \"es\", \"value\": \"El Apple Safari 3.0.1 beta (522.12.12) bajo Windows permite a atacantes remotos modificar el t\\u00edtulo de una ventana y la barra de direcciones mientras se rellena la ventana principal con contenido de su elecci\\u00f3n estableciendo la barra de localizaci\\u00f3n y usando el setTimeout() para la creaci\\u00f3n de un evento que modifique el contenido de la ventana, lo que puede facilitar ataques de phishing.\"}]",
      "id": "CVE-2007-2398",
      "lastModified": "2024-11-21T00:30:41.423",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:C/A:N\", \"baseScore\": 7.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2007-06-21T10:30:00.000",
      "references": "[{\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/38862\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://support.apple.com/kb/HT1467\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/471452/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/471454/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/24484\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1018282\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2316\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0979/references\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/35050\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/38862\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.apple.com/kb/HT1467\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/471452/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/471454/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/24484\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1018282\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2316\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0979/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/35050\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-2398\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-06-21T10:30:00.000\",\"lastModified\":\"2024-11-21T00:30:41.423\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.\"},{\"lang\":\"es\",\"value\":\"El Apple Safari 3.0.1 beta (522.12.12) bajo Windows permite a atacantes remotos modificar el t\u00edtulo de una ventana y la barra de direcciones mientras se rellena la ventana principal con contenido de su elecci\u00f3n estableciendo la barra de localizaci\u00f3n y usando el setTimeout() para la creaci\u00f3n de un evento que modifique el contenido de la ventana, lo que puede facilitar ataques de phishing.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:C/A:N\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"377F7D0C-6B44-4B90-BF90-DAF959880C6D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"3E61C168-482B-412A-97E8-B1C651797EDF\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/38862\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.apple.com/kb/HT1467\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/471452/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/471454/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/24484\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1018282\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2316\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0979/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35050\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/38862\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT1467\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/471452/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/471454/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/24484\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1018282\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2316\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0979/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35050\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

cve-2007-2398

Vulnerability from fkie_nvd

Published

2007-06-21 10:30

Modified

2024-11-21 00:30

Severity ?

Summary

References

▼	URL	Tags
	cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html
	cve@mitre.org	http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html
	cve@mitre.org	http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html
	cve@mitre.org	http://osvdb.org/38862
	cve@mitre.org	http://support.apple.com/kb/HT1467
	cve@mitre.org	http://www.securityfocus.com/archive/1/471452/100/0/threaded
	cve@mitre.org	http://www.securityfocus.com/archive/1/471454/100/0/threaded
	cve@mitre.org	http://www.securityfocus.com/bid/24484
	cve@mitre.org	http://www.securitytracker.com/id?1018282
	cve@mitre.org	http://www.vupen.com/english/advisories/2007/2316
	cve@mitre.org	http://www.vupen.com/english/advisories/2008/0979/references
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/35050
	af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/38862
	af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT1467
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/471452/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/471454/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24484
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018282
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2316
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0979/references
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/35050

Impacted products

	Vendor	Product	Version
	microsoft	windows_2003_server	sp2
	apple	safari	3.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*",
              "matchCriteriaId": "377F7D0C-6B44-4B90-BF90-DAF959880C6D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "3E61C168-482B-412A-97E8-B1C651797EDF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks."
    },
    {
      "lang": "es",
      "value": "El Apple Safari 3.0.1 beta (522.12.12) bajo Windows permite a atacantes remotos modificar el t\u00edtulo de una ventana y la barra de direcciones mientras se rellena la ventana principal con contenido de su elecci\u00f3n estableciendo la barra de localizaci\u00f3n y usando el setTimeout() para la creaci\u00f3n de un evento que modifique el contenido de la ventana, lo que puede facilitar ataques de phishing."
    }
  ],
  "id": "CVE-2007-2398",
  "lastModified": "2024-11-21T00:30:41.423",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:C/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-06-21T10:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/38862"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT1467"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/471452/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/471454/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/24484"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018282"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2316"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0979/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35050"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/38862"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT1467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/471452/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/471454/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24484"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018282"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0979/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35050"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2007-2398

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-2398

Aliases

CVE-2007-2398

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-2398",
    "description": "Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.",
    "id": "GSD-2007-2398"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-2398"
      ],
      "details": "Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.",
      "id": "GSD-2007-2398",
      "modified": "2023-12-13T01:21:38.173906Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-2398",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "38862",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/38862"
          },
          {
            "name": "http://support.apple.com/kb/HT1467",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT1467"
          },
          {
            "name": "ADV-2007-2316",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2316"
          },
          {
            "name": "ADV-2008-0979",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0979/references"
          },
          {
            "name": "APPLE-SA-2007-06-22",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"
          },
          {
            "name": "APPLE-SA-2008-04-16",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html"
          },
          {
            "name": "1018282",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018282"
          },
          {
            "name": "20070614 Re: Apple Safari: urlbar/window title spoofing",
            "refsource": "FULLDISC",
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html"
          },
          {
            "name": "safari-addressbar-spoofing(35050)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35050"
          },
          {
            "name": "20070614 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/471452/100/0/threaded"
          },
          {
            "name": "24484",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/24484"
          },
          {
            "name": "20070615 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/471454/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2398"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070614 Re: Apple Safari: urlbar/window title spoofing",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html"
            },
            {
              "name": "20070615 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/471454/100/0/threaded"
            },
            {
              "name": "APPLE-SA-2007-06-22",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"
            },
            {
              "name": "24484",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/24484"
            },
            {
              "name": "1018282",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018282"
            },
            {
              "name": "http://support.apple.com/kb/HT1467",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT1467"
            },
            {
              "name": "APPLE-SA-2008-04-16",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html"
            },
            {
              "name": "ADV-2008-0979",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0979/references"
            },
            {
              "name": "ADV-2007-2316",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2316"
            },
            {
              "name": "38862",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/38862"
            },
            {
              "name": "safari-addressbar-spoofing(35050)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35050"
            },
            {
              "name": "20070614 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/471452/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:C/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-16T16:43Z",
      "publishedDate": "2007-06-21T10:30Z"
    }
  }
}

Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks. Attackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing. Safari 3.0.1 (522.12.12) on Windows 2003 SE SP2 is reported vulnerable; other versions may also be affected. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. There is a vulnerability in the implementation of Safari for Windows, and remote attackers may use this vulnerability to perform malicious operations on the user's machine. If a user is tricked into visiting content on a malicious site, an attacker can forge content on a legitimate site, steal user credentials, or perform other phishing attacks. There are vulnerabilities in Konqueror that allow an attacker to spoof the URL adddress bar.

The first example uses setInterval() call with relatively small interval value (e.g. 0) to change window.location property. A browser is entrapped within the attacking web site while the user thinks that browser actually left the page.

http://alt.swiecki.net/konq2.html

The very similar problem affects Apple Safari (3.0.3) but due to recent changes in Safari code (vide http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2398 ) it's a lot harder to conduct a successful attack - URL address bat content changes so frequently so the attack is revealed to the user (variants of attack are currently under investigation).

The second one is based on the http URI scheme which allows embedding user/password parameters into it, i.e. http://user:password@domain.com. Such parameters can contain whitespaces, so the attack vector is quite obvious.

http://alt.swiecki.net/konq3.html

Tested with Konqueror 3.5.7 on Linux 2.6

The snapshot from my dekstop: http://alt.swiecki.net/konq3.png

-- Robert Swiecki

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200706-0346",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "version"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "windows 2003 server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "sp2"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "safari",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "safari beta for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.2"
      },
      {
        "model": "safari",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.4"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "24484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001160"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2398"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-350"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2398"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Robert Swiecki\u203b robert@swiecki.net",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-350"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-2398",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 6.9,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:C/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.1,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2007-2398",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:C/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-25760",
            "impactScore": 6.9,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:C/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-2398",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200706-350",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-25760",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25760"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001160"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2398"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-350"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks. \nAttackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing. \nSafari 3.0.1 (522.12.12) on Windows 2003 SE SP2 is reported vulnerable; other versions may also be affected. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. There is a vulnerability in the implementation of Safari for Windows, and remote attackers may use this vulnerability to perform malicious operations on the user\u0027s machine. If a user is tricked into visiting content on a malicious site, an attacker can forge content on a legitimate site, steal user credentials, or perform other phishing attacks. \nThere are vulnerabilities in Konqueror that allow an attacker to\nspoof the URL adddress bar. \n\nThe first example uses setInterval() call with relatively small interval\nvalue (e.g. 0) to change window.location property. A browser is\nentrapped within the attacking web site while the user thinks that\nbrowser actually left the page. \n\nhttp://alt.swiecki.net/konq2.html\n\nThe very similar problem affects Apple Safari (3.0.3) but due to\nrecent changes in Safari code (vide\nhttp://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2398 ) it\u0027s a lot harder to\nconduct a successful attack - URL address bat content changes so\nfrequently so the attack is revealed to the user (variants of attack are\ncurrently under investigation). \n\nThe second one is based on the http URI scheme which allows embedding\nuser/password parameters into it, i.e. http://user:password@domain.com. \nSuch parameters can contain whitespaces, so the attack vector is quite\nobvious. \n\nhttp://alt.swiecki.net/konq3.html\n\nTested with Konqueror 3.5.7 on Linux 2.6\n\nThe snapshot from my dekstop:\nhttp://alt.swiecki.net/konq3.png\n\n-- \nRobert Swiecki\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2398"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001160"
      },
      {
        "db": "BID",
        "id": "24484"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25760"
      },
      {
        "db": "PACKETSTORM",
        "id": "58353"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-2398",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "24484",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1018282",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2316",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0979",
        "trust": 1.7
      },
      {
        "db": "XF",
        "id": "35050",
        "trust": 1.4
      },
      {
        "db": "OSVDB",
        "id": "38862",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001160",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-350",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20070614 RE: [FULL-DISCLOSURE] APPLE SAFARI: URLBAR/WINDOW TITLE SPOOFING",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20070615 RE: [FULL-DISCLOSURE] APPLE SAFARI: URLBAR/WINDOW TITLE SPOOFING",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2008-04-16",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2007-06-22",
        "trust": 0.6
      },
      {
        "db": "FULLDISC",
        "id": "20070614 RE: APPLE SAFARI: URLBAR/WINDOW TITLE SPOOFING",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-25760",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58353",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25760"
      },
      {
        "db": "BID",
        "id": "24484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001160"
      },
      {
        "db": "PACKETSTORM",
        "id": "58353"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2398"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-350"
      }
    ]
  },
  "id": "VAR-200706-0346",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25760"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:31:38.329000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Safari 3.1.1",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht1467"
      },
      {
        "title": "Safari 3.1.1",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht1467?viewlocale=ja_jp"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001160"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2398"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/24484"
      },
      {
        "trust": 2.5,
        "url": "http://www.securitytracker.com/id?1018282"
      },
      {
        "trust": 2.0,
        "url": "http://support.apple.com/kb/ht1467"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2007/jun/msg00004.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2008/apr/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/471454/100/0/threaded"
      },
      {
        "trust": 1.7,
        "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2008/0979/references"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2007/2316"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/35050"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/471452/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/38862"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/2316"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35050"
      },
      {
        "trust": 0.9,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2398"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2398"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/471452/100/0/threaded"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/safari/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/471452"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/471454"
      },
      {
        "trust": 0.1,
        "url": "http://alt.swiecki.net/konq2.html"
      },
      {
        "trust": 0.1,
        "url": "http://alt.swiecki.net/konq3.png"
      },
      {
        "trust": 0.1,
        "url": "http://user:password@domain.com."
      },
      {
        "trust": 0.1,
        "url": "http://alt.swiecki.net/konq3.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25760"
      },
      {
        "db": "BID",
        "id": "24484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001160"
      },
      {
        "db": "PACKETSTORM",
        "id": "58353"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2398"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-350"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-25760"
      },
      {
        "db": "BID",
        "id": "24484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001160"
      },
      {
        "db": "PACKETSTORM",
        "id": "58353"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2398"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-350"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-06-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25760"
      },
      {
        "date": "2007-06-14T00:00:00",
        "db": "BID",
        "id": "24484"
      },
      {
        "date": "2008-05-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001160"
      },
      {
        "date": "2007-08-08T07:37:42",
        "db": "PACKETSTORM",
        "id": "58353"
      },
      {
        "date": "2007-06-21T10:30:00",
        "db": "NVD",
        "id": "CVE-2007-2398"
      },
      {
        "date": "2007-06-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200706-350"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25760"
      },
      {
        "date": "2008-04-18T00:28:00",
        "db": "BID",
        "id": "24484"
      },
      {
        "date": "2008-05-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001160"
      },
      {
        "date": "2018-10-16T16:43:19.397000",
        "db": "NVD",
        "id": "CVE-2007-2398"
      },
      {
        "date": "2009-03-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200706-350"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-350"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Safari of  Windows Vulnerability that changes the contents of the window title and address bar when used on Windows",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001160"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "24484"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-350"
      }
    ],
    "trust": 0.9
  }
}

ghsa-7vvf-9wv5-9fw7

Vulnerability from github

Published

2022-05-01 18:03

Modified

2022-05-01 18:03

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-2398"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-06-21T10:30:00Z",
    "severity": "HIGH"
  },
  "details": "Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.",
  "id": "GHSA-7vvf-9wv5-9fw7",
  "modified": "2022-05-01T18:03:11Z",
  "published": "2022-05-01T18:03:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2398"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35050"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/38862"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT1467"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/471452/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/471454/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/24484"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018282"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2316"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0979/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2007-2398

Vulnerability from cvelistv5

cve-2007-2398

Vulnerability from fkie_nvd

gsd-2007-2398

Vulnerability from gsd

var-200706-0346

Vulnerability from variot

ghsa-7vvf-9wv5-9fw7

Vulnerability from github

Tags

Sightings

Nomenclature