cvelistv5 - cve-2007-2398

CVE-2007-2398 (GCVE-0-2007-2398)

Vulnerability from cvelistv5 – Published: 2007-06-21 10:00 – Updated: 2024-08-07 13:33

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://osvdb.org/38862	vdb-entryx_refsource_OSVDB
	http://support.apple.com/kb/HT1467	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2007/2316	vdb-entryx_refsource_VUPEN
	http://www.vupen.com/english/advisories/2008/0979…	vdb-entryx_refsource_VUPEN
	http://lists.apple.com/archives/Security-announce…	vendor-advisoryx_refsource_APPLE
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.securitytracker.com/id?1018282	vdb-entryx_refsource_SECTRACK
	http://archives.neohapsis.com/archives/fulldisclo…	mailing-listx_refsource_FULLDISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/archive/1/471452/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/24484	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/471454/100…	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:33:28.675Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "38862",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38862"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT1467"
          },
          {
            "name": "ADV-2007-2316",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2316"
          },
          {
            "name": "ADV-2008-0979",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0979/references"
          },
          {
            "name": "APPLE-SA-2007-06-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"
          },
          {
            "name": "APPLE-SA-2008-04-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html"
          },
          {
            "name": "1018282",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018282"
          },
          {
            "name": "20070614 Re: Apple Safari: urlbar/window title spoofing",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html"
          },
          {
            "name": "safari-addressbar-spoofing(35050)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35050"
          },
          {
            "name": "20070614 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471452/100/0/threaded"
          },
          {
            "name": "24484",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24484"
          },
          {
            "name": "20070615 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471454/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "38862",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38862"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT1467"
        },
        {
          "name": "ADV-2007-2316",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2316"
        },
        {
          "name": "ADV-2008-0979",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0979/references"
        },
        {
          "name": "APPLE-SA-2007-06-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"
        },
        {
          "name": "APPLE-SA-2008-04-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html"
        },
        {
          "name": "1018282",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018282"
        },
        {
          "name": "20070614 Re: Apple Safari: urlbar/window title spoofing",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html"
        },
        {
          "name": "safari-addressbar-spoofing(35050)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35050"
        },
        {
          "name": "20070614 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/471452/100/0/threaded"
        },
        {
          "name": "24484",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24484"
        },
        {
          "name": "20070615 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/471454/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2398",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "38862",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38862"
            },
            {
              "name": "http://support.apple.com/kb/HT1467",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT1467"
            },
            {
              "name": "ADV-2007-2316",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2316"
            },
            {
              "name": "ADV-2008-0979",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0979/references"
            },
            {
              "name": "APPLE-SA-2007-06-22",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"
            },
            {
              "name": "APPLE-SA-2008-04-16",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html"
            },
            {
              "name": "1018282",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018282"
            },
            {
              "name": "20070614 Re: Apple Safari: urlbar/window title spoofing",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html"
            },
            {
              "name": "safari-addressbar-spoofing(35050)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35050"
            },
            {
              "name": "20070614 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/471452/100/0/threaded"
            },
            {
              "name": "24484",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24484"
            },
            {
              "name": "20070615 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/471454/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2398",
    "datePublished": "2007-06-21T10:00:00",
    "dateReserved": "2007-04-30T00:00:00",
    "dateUpdated": "2024-08-07T13:33:28.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"377F7D0C-6B44-4B90-BF90-DAF959880C6D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*\", \"matchCriteriaId\": \"3E61C168-482B-412A-97E8-B1C651797EDF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.\"}, {\"lang\": \"es\", \"value\": \"El Apple Safari 3.0.1 beta (522.12.12) bajo Windows permite a atacantes remotos modificar el t\\u00edtulo de una ventana y la barra de direcciones mientras se rellena la ventana principal con contenido de su elecci\\u00f3n estableciendo la barra de localizaci\\u00f3n y usando el setTimeout() para la creaci\\u00f3n de un evento que modifique el contenido de la ventana, lo que puede facilitar ataques de phishing.\"}]",
      "id": "CVE-2007-2398",
      "lastModified": "2024-11-21T00:30:41.423",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:C/A:N\", \"baseScore\": 7.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2007-06-21T10:30:00.000",
      "references": "[{\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/38862\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://support.apple.com/kb/HT1467\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/471452/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/471454/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/24484\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1018282\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2316\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0979/references\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/35050\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/38862\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.apple.com/kb/HT1467\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/471452/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/471454/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/24484\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1018282\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2316\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0979/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/35050\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-2398\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-06-21T10:30:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.\"},{\"lang\":\"es\",\"value\":\"El Apple Safari 3.0.1 beta (522.12.12) bajo Windows permite a atacantes remotos modificar el t\u00edtulo de una ventana y la barra de direcciones mientras se rellena la ventana principal con contenido de su elecci\u00f3n estableciendo la barra de localizaci\u00f3n y usando el setTimeout() para la creaci\u00f3n de un evento que modifique el contenido de la ventana, lo que puede facilitar ataques de phishing.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:C/A:N\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"377F7D0C-6B44-4B90-BF90-DAF959880C6D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"3E61C168-482B-412A-97E8-B1C651797EDF\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/38862\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.apple.com/kb/HT1467\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/471452/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/471454/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/24484\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1018282\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2316\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0979/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35050\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/38862\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT1467\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/471452/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/471454/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/24484\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1018282\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2316\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0979/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35050\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-7VVF-9WV5-9FW7

Vulnerability from github – Published: 2022-05-01 18:03 – Updated: 2022-05-01 18:03

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-2398"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-06-21T10:30:00Z",
    "severity": "HIGH"
  },
  "details": "Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.",
  "id": "GHSA-7vvf-9wv5-9fw7",
  "modified": "2022-05-01T18:03:11Z",
  "published": "2022-05-01T18:03:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2398"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35050"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/38862"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT1467"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/471452/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/471454/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/24484"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018282"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2316"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0979/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-200706-0346

Vulnerability from variot - Updated: 2023-12-18 11:31

Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks. Attackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing. Safari 3.0.1 (522.12.12) on Windows 2003 SE SP2 is reported vulnerable; other versions may also be affected. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. There is a vulnerability in the implementation of Safari for Windows, and remote attackers may use this vulnerability to perform malicious operations on the user's machine. If a user is tricked into visiting content on a malicious site, an attacker can forge content on a legitimate site, steal user credentials, or perform other phishing attacks. There are vulnerabilities in Konqueror that allow an attacker to spoof the URL adddress bar.

The first example uses setInterval() call with relatively small interval value (e.g. 0) to change window.location property. A browser is entrapped within the attacking web site while the user thinks that browser actually left the page.

http://alt.swiecki.net/konq2.html

The very similar problem affects Apple Safari (3.0.3) but due to recent changes in Safari code (vide http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2398 ) it's a lot harder to conduct a successful attack - URL address bat content changes so frequently so the attack is revealed to the user (variants of attack are currently under investigation).

The second one is based on the http URI scheme which allows embedding user/password parameters into it, i.e. http://user:password@domain.com. Such parameters can contain whitespaces, so the attack vector is quite obvious.

http://alt.swiecki.net/konq3.html

Tested with Konqueror 3.5.7 on Linux 2.6

The snapshot from my dekstop: http://alt.swiecki.net/konq3.png

-- Robert Swiecki

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200706-0346",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "version"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "windows 2003 server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "sp2"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "safari",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "safari beta for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.2"
      },
      {
        "model": "safari",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.4"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "24484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001160"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2398"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-350"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2398"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Robert Swiecki\u203b robert@swiecki.net",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-350"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-2398",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 6.9,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:C/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.1,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2007-2398",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:C/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-25760",
            "impactScore": 6.9,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:C/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-2398",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200706-350",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-25760",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25760"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001160"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2398"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-350"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks. \nAttackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing. \nSafari 3.0.1 (522.12.12) on Windows 2003 SE SP2 is reported vulnerable; other versions may also be affected. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. There is a vulnerability in the implementation of Safari for Windows, and remote attackers may use this vulnerability to perform malicious operations on the user\u0027s machine. If a user is tricked into visiting content on a malicious site, an attacker can forge content on a legitimate site, steal user credentials, or perform other phishing attacks. \nThere are vulnerabilities in Konqueror that allow an attacker to\nspoof the URL adddress bar. \n\nThe first example uses setInterval() call with relatively small interval\nvalue (e.g. 0) to change window.location property. A browser is\nentrapped within the attacking web site while the user thinks that\nbrowser actually left the page. \n\nhttp://alt.swiecki.net/konq2.html\n\nThe very similar problem affects Apple Safari (3.0.3) but due to\nrecent changes in Safari code (vide\nhttp://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2398 ) it\u0027s a lot harder to\nconduct a successful attack - URL address bat content changes so\nfrequently so the attack is revealed to the user (variants of attack are\ncurrently under investigation). \n\nThe second one is based on the http URI scheme which allows embedding\nuser/password parameters into it, i.e. http://user:password@domain.com. \nSuch parameters can contain whitespaces, so the attack vector is quite\nobvious. \n\nhttp://alt.swiecki.net/konq3.html\n\nTested with Konqueror 3.5.7 on Linux 2.6\n\nThe snapshot from my dekstop:\nhttp://alt.swiecki.net/konq3.png\n\n-- \nRobert Swiecki\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2398"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001160"
      },
      {
        "db": "BID",
        "id": "24484"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25760"
      },
      {
        "db": "PACKETSTORM",
        "id": "58353"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-2398",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "24484",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1018282",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2316",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0979",
        "trust": 1.7
      },
      {
        "db": "XF",
        "id": "35050",
        "trust": 1.4
      },
      {
        "db": "OSVDB",
        "id": "38862",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001160",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-350",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20070614 RE: [FULL-DISCLOSURE] APPLE SAFARI: URLBAR/WINDOW TITLE SPOOFING",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20070615 RE: [FULL-DISCLOSURE] APPLE SAFARI: URLBAR/WINDOW TITLE SPOOFING",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2008-04-16",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2007-06-22",
        "trust": 0.6
      },
      {
        "db": "FULLDISC",
        "id": "20070614 RE: APPLE SAFARI: URLBAR/WINDOW TITLE SPOOFING",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-25760",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58353",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25760"
      },
      {
        "db": "BID",
        "id": "24484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001160"
      },
      {
        "db": "PACKETSTORM",
        "id": "58353"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2398"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-350"
      }
    ]
  },
  "id": "VAR-200706-0346",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25760"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:31:38.329000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Safari 3.1.1",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht1467"
      },
      {
        "title": "Safari 3.1.1",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht1467?viewlocale=ja_jp"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001160"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2398"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/24484"
      },
      {
        "trust": 2.5,
        "url": "http://www.securitytracker.com/id?1018282"
      },
      {
        "trust": 2.0,
        "url": "http://support.apple.com/kb/ht1467"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2007/jun/msg00004.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2008/apr/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/471454/100/0/threaded"
      },
      {
        "trust": 1.7,
        "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2008/0979/references"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2007/2316"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/35050"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/471452/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/38862"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/2316"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35050"
      },
      {
        "trust": 0.9,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2398"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2398"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/471452/100/0/threaded"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/safari/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/471452"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/471454"
      },
      {
        "trust": 0.1,
        "url": "http://alt.swiecki.net/konq2.html"
      },
      {
        "trust": 0.1,
        "url": "http://alt.swiecki.net/konq3.png"
      },
      {
        "trust": 0.1,
        "url": "http://user:password@domain.com."
      },
      {
        "trust": 0.1,
        "url": "http://alt.swiecki.net/konq3.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25760"
      },
      {
        "db": "BID",
        "id": "24484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001160"
      },
      {
        "db": "PACKETSTORM",
        "id": "58353"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2398"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-350"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-25760"
      },
      {
        "db": "BID",
        "id": "24484"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001160"
      },
      {
        "db": "PACKETSTORM",
        "id": "58353"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2398"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-350"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-06-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25760"
      },
      {
        "date": "2007-06-14T00:00:00",
        "db": "BID",
        "id": "24484"
      },
      {
        "date": "2008-05-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001160"
      },
      {
        "date": "2007-08-08T07:37:42",
        "db": "PACKETSTORM",
        "id": "58353"
      },
      {
        "date": "2007-06-21T10:30:00",
        "db": "NVD",
        "id": "CVE-2007-2398"
      },
      {
        "date": "2007-06-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200706-350"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25760"
      },
      {
        "date": "2008-04-18T00:28:00",
        "db": "BID",
        "id": "24484"
      },
      {
        "date": "2008-05-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001160"
      },
      {
        "date": "2018-10-16T16:43:19.397000",
        "db": "NVD",
        "id": "CVE-2007-2398"
      },
      {
        "date": "2009-03-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200706-350"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-350"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Safari of  Windows Vulnerability that changes the contents of the window title and address bar when used on Windows",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001160"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "24484"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-350"
      }
    ],
    "trust": 0.9
  }
}

CERTA-2008-AVI-211

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités sur Safari permettent à une personne malintentionnée distante d'exécuter du code arbitraire, d'effectuer un déni de service, de contourner la politique de sécurité ou d'effectuer une injection de code indirecte.

Description

Quatre vulnérabilités ont été identifiées dans le navigateur Safari :

le contenu de la barre d'adresses d'une victime peut être changé sans que la page correspondante soit chargée (CVE-2007-2398) ;
une erreur de corruption de mémoire pourrait permettre à une personne malintentionnée distante d'exécuter du code arbitraire en incitant une victime à télécharger un fichier ayant un nom spécialement construit (CVE-2008-1024) ;
un mauvais traitement de certaines URL par Webkit permet à une personne malintentionnée d'effectuer des attaques de type injection de code indirecte (cross-site scripting) (CVE-2008-1025) ;
un débordement de mémoire dans le traitement d'expressions régulières en Javascript par Webkit peut permettre à une personne malintentionnée d'exécuter du code arbitraire à distance (CVE-2008-1026).

Les deux premières vulnérabilités affectent Safari sur Microsoft Windows uniquement. Les deux suivantes affectent également Safari sur Mac OSX.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Safari versions antérieures à 3.1.1.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Article de la base de connaissances Apple HT1467	None	vendor-advisory
Article HT1467 de la base de connaissances d'Apple :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eSafari versions ant\u00e9rieures \u00e0 3.1.1.\u003c/P\u003e",
  "content": "## Description\n\nQuatre vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le navigateur Safari :\n\n-   le contenu de la barre d\u0027adresses d\u0027une victime peut \u00eatre chang\u00e9\n    sans que la page correspondante soit charg\u00e9e (CVE-2007-2398) ;\n-   une erreur de corruption de m\u00e9moire pourrait permettre \u00e0 une\n    personne malintentionn\u00e9e distante d\u0027ex\u00e9cuter du code arbitraire en\n    incitant une victime \u00e0 t\u00e9l\u00e9charger un fichier ayant un nom\n    sp\u00e9cialement construit (CVE-2008-1024) ;\n-   un mauvais traitement de certaines URL par Webkit permet \u00e0 une\n    personne malintentionn\u00e9e d\u0027effectuer des attaques de type injection\n    de code indirecte (cross-site scripting) (CVE-2008-1025) ;\n-   un d\u00e9bordement de m\u00e9moire dans le traitement d\u0027expressions\n    r\u00e9guli\u00e8res en Javascript par Webkit peut permettre \u00e0 une personne\n    malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance\n    (CVE-2008-1026).\n\nLes deux premi\u00e8res vuln\u00e9rabilit\u00e9s affectent Safari sur Microsoft Windows\nuniquement. Les deux suivantes affectent \u00e9galement Safari sur Mac OSX.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1024"
    },
    {
      "name": "CVE-2008-1026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1026"
    },
    {
      "name": "CVE-2007-2398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2398"
    },
    {
      "name": "CVE-2008-1025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1025"
    }
  ],
  "links": [
    {
      "title": "Article HT1467 de la base de connaissances d\u0027Apple :",
      "url": "http://support.apple.com/kb/HT1467"
    }
  ],
  "reference": "CERTA-2008-AVI-211",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-04-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s sur \u003cspan class=\"textit\"\u003eSafari\u003c/span\u003e\npermettent \u00e0 une personne malintentionn\u00e9e distante d\u0027ex\u00e9cuter du code\narbitraire, d\u0027effectuer un d\u00e9ni de service, de contourner la politique\nde s\u00e9curit\u00e9 ou d\u0027effectuer une injection de code indirecte.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Safari",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Article de la base de connaissances Apple HT1467",
      "url": null
    }
  ]
}

CERTA-2008-AVI-211

Vulnerability from certfr_avis - Published: - Updated:

Description

Quatre vulnérabilités ont été identifiées dans le navigateur Safari :

le contenu de la barre d'adresses d'une victime peut être changé sans que la page correspondante soit chargée (CVE-2007-2398) ;
une erreur de corruption de mémoire pourrait permettre à une personne malintentionnée distante d'exécuter du code arbitraire en incitant une victime à télécharger un fichier ayant un nom spécialement construit (CVE-2008-1024) ;
un mauvais traitement de certaines URL par Webkit permet à une personne malintentionnée d'effectuer des attaques de type injection de code indirecte (cross-site scripting) (CVE-2008-1025) ;
un débordement de mémoire dans le traitement d'expressions régulières en Javascript par Webkit peut permettre à une personne malintentionnée d'exécuter du code arbitraire à distance (CVE-2008-1026).

Les deux premières vulnérabilités affectent Safari sur Microsoft Windows uniquement. Les deux suivantes affectent également Safari sur Mac OSX.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Safari versions antérieures à 3.1.1.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Article de la base de connaissances Apple HT1467	None	vendor-advisory
Article HT1467 de la base de connaissances d'Apple :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eSafari versions ant\u00e9rieures \u00e0 3.1.1.\u003c/P\u003e",
  "content": "## Description\n\nQuatre vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le navigateur Safari :\n\n-   le contenu de la barre d\u0027adresses d\u0027une victime peut \u00eatre chang\u00e9\n    sans que la page correspondante soit charg\u00e9e (CVE-2007-2398) ;\n-   une erreur de corruption de m\u00e9moire pourrait permettre \u00e0 une\n    personne malintentionn\u00e9e distante d\u0027ex\u00e9cuter du code arbitraire en\n    incitant une victime \u00e0 t\u00e9l\u00e9charger un fichier ayant un nom\n    sp\u00e9cialement construit (CVE-2008-1024) ;\n-   un mauvais traitement de certaines URL par Webkit permet \u00e0 une\n    personne malintentionn\u00e9e d\u0027effectuer des attaques de type injection\n    de code indirecte (cross-site scripting) (CVE-2008-1025) ;\n-   un d\u00e9bordement de m\u00e9moire dans le traitement d\u0027expressions\n    r\u00e9guli\u00e8res en Javascript par Webkit peut permettre \u00e0 une personne\n    malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance\n    (CVE-2008-1026).\n\nLes deux premi\u00e8res vuln\u00e9rabilit\u00e9s affectent Safari sur Microsoft Windows\nuniquement. Les deux suivantes affectent \u00e9galement Safari sur Mac OSX.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1024"
    },
    {
      "name": "CVE-2008-1026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1026"
    },
    {
      "name": "CVE-2007-2398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2398"
    },
    {
      "name": "CVE-2008-1025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1025"
    }
  ],
  "links": [
    {
      "title": "Article HT1467 de la base de connaissances d\u0027Apple :",
      "url": "http://support.apple.com/kb/HT1467"
    }
  ],
  "reference": "CERTA-2008-AVI-211",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-04-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s sur \u003cspan class=\"textit\"\u003eSafari\u003c/span\u003e\npermettent \u00e0 une personne malintentionn\u00e9e distante d\u0027ex\u00e9cuter du code\narbitraire, d\u0027effectuer un d\u00e9ni de service, de contourner la politique\nde s\u00e9curit\u00e9 ou d\u0027effectuer une injection de code indirecte.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Safari",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Article de la base de connaissances Apple HT1467",
      "url": null
    }
  ]
}

FKIE_CVE-2007-2398

Vulnerability from fkie_nvd - Published: 2007-06-21 10:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html
	cve@mitre.org	http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html
	cve@mitre.org	http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html
	cve@mitre.org	http://osvdb.org/38862
	cve@mitre.org	http://support.apple.com/kb/HT1467
	cve@mitre.org	http://www.securityfocus.com/archive/1/471452/100/0/threaded
	cve@mitre.org	http://www.securityfocus.com/archive/1/471454/100/0/threaded
	cve@mitre.org	http://www.securityfocus.com/bid/24484
	cve@mitre.org	http://www.securitytracker.com/id?1018282
	cve@mitre.org	http://www.vupen.com/english/advisories/2007/2316
	cve@mitre.org	http://www.vupen.com/english/advisories/2008/0979/references
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/35050
	af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/38862
	af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT1467
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/471452/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/471454/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24484
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018282
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2316
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0979/references
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/35050

Impacted products

	Vendor	Product	Version
	microsoft	windows_2003_server	sp2
	apple	safari	3.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*",
              "matchCriteriaId": "377F7D0C-6B44-4B90-BF90-DAF959880C6D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "3E61C168-482B-412A-97E8-B1C651797EDF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks."
    },
    {
      "lang": "es",
      "value": "El Apple Safari 3.0.1 beta (522.12.12) bajo Windows permite a atacantes remotos modificar el t\u00edtulo de una ventana y la barra de direcciones mientras se rellena la ventana principal con contenido de su elecci\u00f3n estableciendo la barra de localizaci\u00f3n y usando el setTimeout() para la creaci\u00f3n de un evento que modifique el contenido de la ventana, lo que puede facilitar ataques de phishing."
    }
  ],
  "id": "CVE-2007-2398",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:C/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-06-21T10:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/38862"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT1467"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/471452/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/471454/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/24484"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018282"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2316"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0979/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35050"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/38862"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT1467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/471452/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/471454/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24484"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018282"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0979/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35050"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2007-2398

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-2398

Aliases

CVE-2007-2398

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-2398",
    "description": "Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.",
    "id": "GSD-2007-2398"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-2398"
      ],
      "details": "Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.",
      "id": "GSD-2007-2398",
      "modified": "2023-12-13T01:21:38.173906Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-2398",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "38862",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/38862"
          },
          {
            "name": "http://support.apple.com/kb/HT1467",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT1467"
          },
          {
            "name": "ADV-2007-2316",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2316"
          },
          {
            "name": "ADV-2008-0979",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0979/references"
          },
          {
            "name": "APPLE-SA-2007-06-22",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"
          },
          {
            "name": "APPLE-SA-2008-04-16",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html"
          },
          {
            "name": "1018282",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018282"
          },
          {
            "name": "20070614 Re: Apple Safari: urlbar/window title spoofing",
            "refsource": "FULLDISC",
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html"
          },
          {
            "name": "safari-addressbar-spoofing(35050)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35050"
          },
          {
            "name": "20070614 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/471452/100/0/threaded"
          },
          {
            "name": "24484",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/24484"
          },
          {
            "name": "20070615 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/471454/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2398"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070614 Re: Apple Safari: urlbar/window title spoofing",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html"
            },
            {
              "name": "20070615 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/471454/100/0/threaded"
            },
            {
              "name": "APPLE-SA-2007-06-22",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"
            },
            {
              "name": "24484",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/24484"
            },
            {
              "name": "1018282",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018282"
            },
            {
              "name": "http://support.apple.com/kb/HT1467",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT1467"
            },
            {
              "name": "APPLE-SA-2008-04-16",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html"
            },
            {
              "name": "ADV-2008-0979",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0979/references"
            },
            {
              "name": "ADV-2007-2316",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2316"
            },
            {
              "name": "38862",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/38862"
            },
            {
              "name": "safari-addressbar-spoofing(35050)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35050"
            },
            {
              "name": "20070614 Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/471452/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:C/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-16T16:43Z",
      "publishedDate": "2007-06-21T10:30Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-2398 (GCVE-0-2007-2398)

GHSA-7VVF-9WV5-9FW7

VAR-200706-0346

CERTA-2008-AVI-211

Description

Solution

CERTA-2008-AVI-211

Description

Solution

FKIE_CVE-2007-2398

GSD-2007-2398

Tags

Sightings

Nomenclature