var-200706-0346
Vulnerability from variot
Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks. Attackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing. Safari 3.0.1 (522.12.12) on Windows 2003 SE SP2 is reported vulnerable; other versions may also be affected. Apple Safari is a web browser developed by Apple, and is the default browser included with the Mac OS X and iOS operating systems. There is a vulnerability in the implementation of Safari for Windows, and remote attackers may use this vulnerability to perform malicious operations on the user's machine. If a user is tricked into visiting content on a malicious site, an attacker can present forged content that appears to come from a legitimate site, steal user credentials, or perform other phishing attacks. The remainder of this entry is a related advisory by Robert Swiecki: there are vulnerabilities in Konqueror that allow an attacker to spoof the URL address bar.
The first example uses setInterval() call with relatively small interval value (e.g. 0) to change window.location property. A browser is entrapped within the attacking web site while the user thinks that browser actually left the page.
http://alt.swiecki.net/konq2.html
A very similar problem affects Apple Safari (3.0.3), but due to recent changes in the Safari code (see http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2398 ) it is a lot harder to conduct a successful attack: the URL address bar content changes so frequently that the attack is revealed to the user (variants of the attack are currently under investigation).
The second one is based on the http URI scheme which allows embedding user/password parameters into it, i.e. http://user:password@domain.com. Such parameters can contain whitespaces, so the attack vector is quite obvious.
http://alt.swiecki.net/konq3.html
Tested with Konqueror 3.5.7 on Linux 2.6
A snapshot from my desktop: http://alt.swiecki.net/konq3.png
-- Robert Swiecki
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200706-0346", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "safari", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.0.1" }, { "model": "safari", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "version" }, { "model": "safari", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": 
"3.1.1" }, { "model": "windows 2003 server", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "sp2" }, { "model": "safari beta for windows", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.0.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1" }, { "model": "safari", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "3.1.1" }, { "model": "safari beta for windows", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "3.0.2" }, { "model": "safari", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "2.0.4" } ], "sources": [ { "db": "BID", "id": "24484" }, { "db": "JVNDB", "id": "JVNDB-2007-001160" }, { "db": "NVD", "id": "CVE-2007-2398" }, { "db": "CNNVD", "id": "CNNVD-200706-350" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2007-2398" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Robert Swiecki\u203b robert@swiecki.net", "sources": [ { "db": "CNNVD", "id": "CNNVD-200706-350" } ], "trust": 0.6 }, "cve": "CVE-2007-2398", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.1, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 6.9, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:N/I:C/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.1, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2007-2398", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:C/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 7.1, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-25760", "impactScore": 6.9, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:C/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { 
"author": "NVD", "id": "CVE-2007-2398", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200706-350", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-25760", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-25760" }, { "db": "JVNDB", "id": "JVNDB-2007-001160" }, { "db": "NVD", "id": "CVE-2007-2398" }, { "db": "CNNVD", "id": "CNNVD-200706-350" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks. \nAttackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing. \nSafari 3.0.1 (522.12.12) on Windows 2003 SE SP2 is reported vulnerable; other versions may also be affected. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. There is a vulnerability in the implementation of Safari for Windows, and remote attackers may use this vulnerability to perform malicious operations on the user\u0027s machine. If a user is tricked into visiting content on a malicious site, an attacker can forge content on a legitimate site, steal user credentials, or perform other phishing attacks. \nThere are vulnerabilities in Konqueror that allow an attacker to\nspoof the URL adddress bar. \n\nThe first example uses setInterval() call with relatively small interval\nvalue (e.g. 0) to change window.location property. 
A browser is\nentrapped within the attacking web site while the user thinks that\nbrowser actually left the page. \n\nhttp://alt.swiecki.net/konq2.html\n\nThe very similar problem affects Apple Safari (3.0.3) but due to\nrecent changes in Safari code (vide\nhttp://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2398 ) it\u0027s a lot harder to\nconduct a successful attack - URL address bat content changes so\nfrequently so the attack is revealed to the user (variants of attack are\ncurrently under investigation). \n\nThe second one is based on the http URI scheme which allows embedding\nuser/password parameters into it, i.e. http://user:password@domain.com. \nSuch parameters can contain whitespaces, so the attack vector is quite\nobvious. \n\nhttp://alt.swiecki.net/konq3.html\n\nTested with Konqueror 3.5.7 on Linux 2.6\n\nThe snapshot from my dekstop:\nhttp://alt.swiecki.net/konq3.png\n\n-- \nRobert Swiecki\n\n", "sources": [ { "db": "NVD", "id": "CVE-2007-2398" }, { "db": "JVNDB", "id": "JVNDB-2007-001160" }, { "db": "BID", "id": "24484" }, { "db": "VULHUB", "id": "VHN-25760" }, { "db": "PACKETSTORM", "id": "58353" } ], "trust": 2.07 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2007-2398", "trust": 2.9 }, { "db": "BID", "id": "24484", "trust": 2.8 }, { "db": "SECTRACK", "id": "1018282", "trust": 2.5 }, { "db": "VUPEN", "id": "ADV-2007-2316", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-0979", "trust": 1.7 }, { "db": "XF", "id": "35050", "trust": 1.4 }, { "db": "OSVDB", "id": "38862", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2007-001160", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200706-350", "trust": 0.7 }, { "db": "BUGTRAQ", "id": "20070614 RE: [FULL-DISCLOSURE] APPLE SAFARI: URLBAR/WINDOW TITLE SPOOFING", "trust": 0.6 }, { "db": "BUGTRAQ", 
"id": "20070615 RE: [FULL-DISCLOSURE] APPLE SAFARI: URLBAR/WINDOW TITLE SPOOFING", "trust": 0.6 }, { "db": "APPLE", "id": "APPLE-SA-2008-04-16", "trust": 0.6 }, { "db": "APPLE", "id": "APPLE-SA-2007-06-22", "trust": 0.6 }, { "db": "FULLDISC", "id": "20070614 RE: APPLE SAFARI: URLBAR/WINDOW TITLE SPOOFING", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-25760", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "58353", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-25760" }, { "db": "BID", "id": "24484" }, { "db": "JVNDB", "id": "JVNDB-2007-001160" }, { "db": "PACKETSTORM", "id": "58353" }, { "db": "NVD", "id": "CVE-2007-2398" }, { "db": "CNNVD", "id": "CNNVD-200706-350" } ] }, "id": "VAR-200706-0346", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-25760" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:31:38.329000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Safari 3.1.1", "trust": 0.8, "url": "http://support.apple.com/kb/ht1467" }, { "title": "Safari 3.1.1", "trust": 0.8, "url": "http://support.apple.com/kb/ht1467?viewlocale=ja_jp" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-001160" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2007-2398" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/24484" }, { "trust": 2.5, "url": "http://www.securitytracker.com/id?1018282" }, { "trust": 2.0, "url": "http://support.apple.com/kb/ht1467" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2007/jun/msg00004.html" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2008/apr/msg00001.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/471454/100/0/threaded" }, { "trust": 1.7, "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html" }, { "trust": 1.7, "url": "http://www.vupen.com/english/advisories/2008/0979/references" }, { "trust": 1.4, "url": "http://www.frsirt.com/english/advisories/2007/2316" }, { "trust": 1.4, "url": "http://xforce.iss.net/xforce/xfdb/35050" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/471452/100/0/threaded" }, { "trust": 1.1, "url": "http://osvdb.org/38862" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2007/2316" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35050" }, { "trust": 0.9, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2398" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2398" }, { "trust": 0.6, "url": "http://www.securityfocus.com/archive/1/archive/1/471452/100/0/threaded" }, { "trust": 0.3, "url": "http://www.apple.com/safari/" }, { "trust": 0.3, "url": "/archive/1/471452" }, { "trust": 0.3, "url": "/archive/1/471454" }, { "trust": 0.1, "url": "http://alt.swiecki.net/konq2.html" }, { "trust": 0.1, "url": "http://alt.swiecki.net/konq3.png" }, { "trust": 0.1, "url": "http://user:password@domain.com." 
}, { "trust": 0.1, "url": "http://alt.swiecki.net/konq3.html" } ], "sources": [ { "db": "VULHUB", "id": "VHN-25760" }, { "db": "BID", "id": "24484" }, { "db": "JVNDB", "id": "JVNDB-2007-001160" }, { "db": "PACKETSTORM", "id": "58353" }, { "db": "NVD", "id": "CVE-2007-2398" }, { "db": "CNNVD", "id": "CNNVD-200706-350" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-25760" }, { "db": "BID", "id": "24484" }, { "db": "JVNDB", "id": "JVNDB-2007-001160" }, { "db": "PACKETSTORM", "id": "58353" }, { "db": "NVD", "id": "CVE-2007-2398" }, { "db": "CNNVD", "id": "CNNVD-200706-350" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-06-21T00:00:00", "db": "VULHUB", "id": "VHN-25760" }, { "date": "2007-06-14T00:00:00", "db": "BID", "id": "24484" }, { "date": "2008-05-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-001160" }, { "date": "2007-08-08T07:37:42", "db": "PACKETSTORM", "id": "58353" }, { "date": "2007-06-21T10:30:00", "db": "NVD", "id": "CVE-2007-2398" }, { "date": "2007-06-21T00:00:00", "db": "CNNVD", "id": "CNNVD-200706-350" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-16T00:00:00", "db": "VULHUB", "id": "VHN-25760" }, { "date": "2008-04-18T00:28:00", "db": "BID", "id": "24484" }, { "date": "2008-05-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-001160" }, { "date": "2018-10-16T16:43:19.397000", "db": "NVD", "id": "CVE-2007-2398" }, { "date": "2009-03-18T00:00:00", "db": "CNNVD", "id": "CNNVD-200706-350" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": 
"remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200706-350" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple Safari of Windows Vulnerability that changes the contents of the window title and address bar when used on Windows", "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-001160" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "24484" }, { "db": "CNNVD", "id": "CNNVD-200706-350" } ], "trust": 0.9 } }