VAR-200706-0107
Vulnerability from variot - Updated: 2023-12-18 12:32Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI. Apple Safari for Windows is prone to a protocol handler command-injection vulnerability. Exploiting the issue allows remote attackers to pass arbitrary command-line arguments to any application that can be called through a protocol handler. This specific vulnerability relies on the use of IFRAME elements; attackers can do even more damage by combining it with Mozilla XPCOM components. Exploiting the issue would permit a remote attacker to influence command options that can be called through Safari protocol handlers and to compromise affected systems in the context of the vulnerable user. This issue may be related to the vulnerability discussed in BID 10406 (Apple MacOS X SSH URI Handler Remote Code Execution Vulnerability). We will update this BID as more information emerges. Note: Apple has released Safari for Windows Beta 3.0.1. Apple Safari is a WEB browser used by the Apple family of operating systems. There is a vulnerability in Safari's handling of URL parameters, which may be exploited by remote attackers to control the user's machine. The URL protocol handler on the Windows platform will execute the process with specific command line parameters at runtime. Safari on Windows platforms does not perform proper input validation for these parameters, so an attacker could inject commands bypassing the intended restrictions. A typical URL request, such as myprotocol://someserver.com/someargument, would be translated into the following command-line restructuring: "C:\Program Files\My Application\myprotocol.exe" "someserver.com/someargument" But this is still Not enough to send arbitrary characters to the command line, URL escaping is required to convert the myprotocol://someserver.com/some"[SPACE] parameter to: "C:\Program Files\My Application\myprotocol.exe" "someserver .com/some"%20argument cannot attack Safari after escaping, because the executed command line is invalid. However, Safari cannot correctly validate the input when processing these requests through the IFRAME unit, for example: <iframe src=' myprotocol://someserver.com" < foo > bar | foobar "arg1′> would be converted to the following command line: "C:\Program Files\My Application\myprotocol.exe" "someserver.com" < foo > bar | foobar"
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200706-0107",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "safari",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "2.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "2.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "2.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "3.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "3.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "*"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "windows edition beta 3.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "windows"
},
{
"model": "safari beta for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3"
},
{
"model": "safari beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3"
},
{
"model": "mobile safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "safari beta for windows",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.1"
}
],
"sources": [
{
"db": "BID",
"id": "24434"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002179"
},
{
"db": "NVD",
"id": "CVE-2007-3186"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-194"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3186"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Thor Larholm\u203b Thor@jubii.dk",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200706-194"
}
],
"trust": 0.6
},
"cve": "CVE-2007-3186",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2007-3186",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-26548",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-3186",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200706-194",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-26548",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26548"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002179"
},
{
"db": "NVD",
"id": "CVE-2007-3186"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-194"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI. Apple Safari for Windows is prone to a protocol handler command-injection vulnerability. \nExploiting the issue allows remote attackers to pass arbitrary command-line arguments to any application that can be called through a protocol handler. \nThis specific vulnerability relies on the use of IFRAME elements; attackers can do even more damage by combining it with Mozilla XPCOM components. \nExploiting the issue would permit a remote attacker to influence command options that can be called through Safari protocol handlers and to compromise affected systems in the context of the vulnerable user. \nThis issue may be related to the vulnerability discussed in BID 10406 (Apple MacOS X SSH URI Handler Remote Code Execution Vulnerability). We will update this BID as more information emerges. \nNote: Apple has released Safari for Windows Beta 3.0.1. Apple Safari is a WEB browser used by the Apple family of operating systems. There is a vulnerability in Safari\u0027s handling of URL parameters, which may be exploited by remote attackers to control the user\u0027s machine. The URL protocol handler on the Windows platform will execute the process with specific command line parameters at runtime. Safari on Windows platforms does not perform proper input validation for these parameters, so an attacker could inject commands bypassing the intended restrictions. A typical URL request, such as myprotocol://someserver.com/someargument, would be translated into the following command-line restructuring: \"C:\\Program Files\\My Application\\myprotocol.exe\" \"someserver.com/someargument\" But this is still Not enough to send arbitrary characters to the command line, URL escaping is required to convert the myprotocol://someserver.com/some\"[SPACE] parameter to: \"C:\\Program Files\\My Application\\myprotocol.exe\" \"someserver .com/some\"%20argument cannot attack Safari after escaping, because the executed command line is invalid. However, Safari cannot correctly validate the input when processing these requests through the IFRAME unit, for example: \u003ciframe src=\u0027 myprotocol://someserver.com\" \u003c foo \u003e bar | foobar \"arg1\u2032\u003e\u003c/iframe\u003e would be converted to the following command line: \"C:\\Program Files\\My Application\\myprotocol.exe\" \"someserver.com\" \u003c foo \u003e bar | foobar\"",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3186"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002179"
},
{
"db": "BID",
"id": "24434"
},
{
"db": "VULHUB",
"id": "VHN-26548"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-26548",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26548"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-3186",
"trust": 2.8
},
{
"db": "BID",
"id": "24434",
"trust": 2.0
},
{
"db": "VUPEN",
"id": "ADV-2007-2192",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1018224",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "38542",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002179",
"trust": 0.8
},
{
"db": "FULLDISC",
"id": "20070612 SAFARI FOR WINDOWS, 0DAY URL PROTOCOL HANDLER COMMAND INJECTION",
"trust": 0.6
},
{
"db": "XF",
"id": "34824",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20070612 SAFARI FOR WINDOWS, 0DAY URL PROTOCOL HANDLER COMMAND INJECTION",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2007-06-14",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200706-194",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-83626",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "30176",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-26548",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26548"
},
{
"db": "BID",
"id": "24434"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002179"
},
{
"db": "NVD",
"id": "CVE-2007-3186"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-194"
}
]
},
"id": "VAR-200706-0107",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-26548"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:32:21.155000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2007-06-14",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2007/jun/msg00000.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002179"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26548"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002179"
},
{
"db": "NVD",
"id": "CVE-2007-3186"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2007/jun/msg00000.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/24434"
},
{
"trust": 1.7,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-june/063926.html"
},
{
"trust": 1.7,
"url": "http://larholm.com/2007/06/12/safari-for-windows-0day-exploit-in-2-hours"
},
{
"trust": 1.7,
"url": "http://larholm.com/2007/06/14/safari-301-released/"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1018224"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/471176/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://osvdb.org/38542"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/2192"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34824"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3186"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3186"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/34824"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/471176/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/2192"
},
{
"trust": 0.3,
"url": "http://www.apple.com/safari/"
},
{
"trust": 0.3,
"url": "/archive/1/471176"
},
{
"trust": 0.3,
"url": "http://larholm.com/2007/06/12/safari-for-windows-0day-exploit-in-2-hours/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26548"
},
{
"db": "BID",
"id": "24434"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002179"
},
{
"db": "NVD",
"id": "CVE-2007-3186"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-194"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-26548"
},
{
"db": "BID",
"id": "24434"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002179"
},
{
"db": "NVD",
"id": "CVE-2007-3186"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-194"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-06-12T00:00:00",
"db": "VULHUB",
"id": "VHN-26548"
},
{
"date": "2007-06-12T00:00:00",
"db": "BID",
"id": "24434"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002179"
},
{
"date": "2007-06-12T22:30:00",
"db": "NVD",
"id": "CVE-2007-3186"
},
{
"date": "2007-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200706-194"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-26548"
},
{
"date": "2007-06-14T13:39:00",
"db": "BID",
"id": "24434"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002179"
},
{
"date": "2018-10-16T16:47:49.357000",
"db": "NVD",
"id": "CVE-2007-3186"
},
{
"date": "2007-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200706-194"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200706-194"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Safari Vulnerable to arbitrary command execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002179"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200706-194"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…