VAR-200706-0348
Vulnerability from variot - Updated: 2023-12-18 11:35Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects. Apple Safari contains a race condition when handling HTTP redirection when updating pages. This can allow a cross-domain violation. Apple WebCore fails to properly serialize headers into an HTTP request, which can cause a cross-domain security violation. The Apple Webkit contains a memory corruption vulnerability.This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Exploiting this issue may allow attackers to access locations that a user visits, even if those locations are in a different domain than the attacker's site. The most common manifestation of this condition would typically be in blogs or forums. Attackers may be able to access potentially sensitive information that would aid in phishing attacks. This issue affects versions prior to Safari 3 Beta Update 3.0.2. The iPhone is a smartphone developed by Capsule Corporation. There are multiple security holes in the implementation of the iPhone, which can lead to malicious operation of the browser or information leakage. The specific vulnerability entries are as follows: * CVE-2007-2400 There is a vulnerability in the implementation of Safari's processing of JavsScript. Remote attackers may use this vulnerability to bypass the same-origin policy and operate other web pages without authorization.
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors.
Download the free PSI BETA from the Secunia website: https://psi.secunia.com/
TITLE: Apple iPhone Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA26287
VERIFY ADVISORY: http://secunia.com/advisories/26287/
CRITICAL: Highly critical
IMPACT: Cross Site Scripting, Spoofing, DoS, System access
WHERE:
From remote
OPERATING SYSTEM: Apple iPhone 1.x http://secunia.com/product/15128/
DESCRIPTION: Some vulnerabilities have been reported in Apple iPhone, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, and potentially to compromise a vulnerable system.
2) A boundary error in the Perl Compatible Regular Expressions (PCRE) library used by the Javascript engine in Safari can be exploited to cause a heap-based buffer overflow when a user visits a malicious web page.
Successful exploitation may allow execution of arbitrary code.
3) An HTTP injection issue in XMLHttpRequest can be exploited to inject arbitrary HTTP requests.
For more information see vulnerability #2 in: SA25786
4) An error in WebKit within in the handling of International Domain Name (IDN) support and Unicode fonts embedded in Safari can be exploited to spoof a URL by registering domain names with certain international characters that resembles other commonly used characters.
5) An invalid type conversion when rendering frame sets may allow execution of arbitrary code.
For more information see vulnerability #1 in: SA25786
SOLUTION: Update to version 1.0.1 (downloadable and installable via iTunes).
PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems, Inc. 2) The vendor credits Charlie Miller and Jake Honoroff of Independent Security Evaluators. 3) The vendor credits Richard Moore, Westpoint Ltd. 5) The vendor credits Rhys Kidd, Westnet.
ORIGINAL ADVISORY: http://docs.info.apple.com/article.html?artnum=306173
OTHER REFERENCES: SA25786: http://secunia.com/advisories/25786/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200706-0348",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "apple computer",
"version": null
},
{
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "1.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.0"
},
{
"model": "mac os x",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "iphone",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "1.0.1"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "3.0.2"
},
{
"model": "windows vista",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "sp3"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "1.0"
},
{
"model": "safari beta for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.1"
},
{
"model": "safari beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.1"
},
{
"model": "safari beta for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3"
},
{
"model": "safari beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1"
},
{
"model": "safari beta for windows",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.2"
},
{
"model": "safari beta",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.2"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#289988"
},
{
"db": "CERT/CC",
"id": "VU#845708"
},
{
"db": "CERT/CC",
"id": "VU#389868"
},
{
"db": "BID",
"id": "24599"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001942"
},
{
"db": "NVD",
"id": "CVE-2007-2400"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-397"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:3.0:*:windows:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-2400"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lawrence Lai, Stan Switzer, Ed Rowe of Adobe Systems, Inc disclosed this vulnerability.",
"sources": [
{
"db": "BID",
"id": "24599"
}
],
"trust": 0.3
},
"cve": "CVE-2007-2400",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2007-2400",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-25762",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-2400",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#289988",
"trust": 0.8,
"value": "0.47"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#845708",
"trust": 0.8,
"value": "0.57"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#389868",
"trust": 0.8,
"value": "2.55"
},
{
"author": "CNNVD",
"id": "CNNVD-200706-397",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-25762",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#289988"
},
{
"db": "CERT/CC",
"id": "VU#845708"
},
{
"db": "CERT/CC",
"id": "VU#389868"
},
{
"db": "VULHUB",
"id": "VHN-25762"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001942"
},
{
"db": "NVD",
"id": "CVE-2007-2400"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-397"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects. Apple Safari contains a race condition when handling HTTP redirection when updating pages. This can allow a cross-domain violation. Apple WebCore fails to properly serialize headers into an HTTP request, which can cause a cross-domain security violation. The Apple Webkit contains a memory corruption vulnerability.This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. \nExploiting this issue may allow attackers to access locations that a user visits, even if those locations are in a different domain than the attacker\u0027s site. The most common manifestation of this condition would typically be in blogs or forums. Attackers may be able to access potentially sensitive information that would aid in phishing attacks. \nThis issue affects versions prior to Safari 3 Beta Update 3.0.2. The iPhone is a smartphone developed by Capsule Corporation. There are multiple security holes in the implementation of the iPhone, which can lead to malicious operation of the browser or information leakage. The specific vulnerability entries are as follows: * CVE-2007-2400 There is a vulnerability in the implementation of Safari\u0027s processing of JavsScript. Remote attackers may use this vulnerability to bypass the same-origin policy and operate other web pages without authorization. \n\n----------------------------------------------------------------------\n\nBETA test the new Secunia Personal Software Inspector!\n\nThe Secunia PSI detects installed software on your computer and\ncategorises it as either Insecure, End-of-Life, or Up-To-Date. \nEffectively enabling you to focus your attention on software\ninstallations where more secure versions are available from the\nvendors. \n\nDownload the free PSI BETA from the Secunia website:\nhttps://psi.secunia.com/\n\n----------------------------------------------------------------------\n\nTITLE:\nApple iPhone Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA26287\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26287/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nCross Site Scripting, Spoofing, DoS, System access\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nApple iPhone 1.x\nhttp://secunia.com/product/15128/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Apple iPhone, which can be\nexploited by malicious people to conduct cross-site scripting and\nspoofing attacks, and potentially to compromise a vulnerable system. \n\n2) A boundary error in the Perl Compatible Regular Expressions (PCRE)\nlibrary used by the Javascript engine in Safari can be exploited to\ncause a heap-based buffer overflow when a user visits a malicious web\npage. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\n3) An HTTP injection issue in XMLHttpRequest can be exploited to\ninject arbitrary HTTP requests. \n\nFor more information see vulnerability #2 in:\nSA25786\n\n4) An error in WebKit within in the handling of International Domain\nName (IDN) support and Unicode fonts embedded in Safari can be\nexploited to spoof a URL by registering domain names with certain\ninternational characters that resembles other commonly used\ncharacters. \n\n5) An invalid type conversion when rendering frame sets may allow\nexecution of arbitrary code. \n\nFor more information see vulnerability #1 in:\nSA25786\n\nSOLUTION:\nUpdate to version 1.0.1 (downloadable and installable via iTunes). \n\nPROVIDED AND/OR DISCOVERED BY:\n1) The vendor credits Lawrence Lai, Stan Switzer, and Ed Rowe of\nAdobe Systems, Inc. \n2) The vendor credits Charlie Miller and Jake Honoroff of Independent\nSecurity Evaluators. \n3) The vendor credits Richard Moore, Westpoint Ltd. \n5) The vendor credits Rhys Kidd, Westnet. \n\nORIGINAL ADVISORY:\nhttp://docs.info.apple.com/article.html?artnum=306173\n\nOTHER REFERENCES:\nSA25786:\nhttp://secunia.com/advisories/25786/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-2400"
},
{
"db": "CERT/CC",
"id": "VU#289988"
},
{
"db": "CERT/CC",
"id": "VU#845708"
},
{
"db": "CERT/CC",
"id": "VU#389868"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001942"
},
{
"db": "BID",
"id": "24599"
},
{
"db": "VULHUB",
"id": "VHN-25762"
},
{
"db": "PACKETSTORM",
"id": "58223"
}
],
"trust": 4.23
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "26287",
"trust": 4.2
},
{
"db": "CERT/CC",
"id": "VU#289988",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2007-2400",
"trust": 2.8
},
{
"db": "BID",
"id": "24599",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "36452",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-2316",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-2731",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1018282",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "25786",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "VU#845708",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#389868",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001942",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200706-397",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-25762",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "58223",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#289988"
},
{
"db": "CERT/CC",
"id": "VU#845708"
},
{
"db": "CERT/CC",
"id": "VU#389868"
},
{
"db": "VULHUB",
"id": "VHN-25762"
},
{
"db": "BID",
"id": "24599"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001942"
},
{
"db": "PACKETSTORM",
"id": "58223"
},
{
"db": "NVD",
"id": "CVE-2007-2400"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-397"
}
]
},
"id": "VAR-200706-0348",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-25762"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:35:16.788000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.apple.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://windows.microsoft.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001942"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-362",
"trust": 1.9
},
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-25762"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001942"
},
{
"db": "NVD",
"id": "CVE-2007-2400"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://docs.info.apple.com/article.html?artnum=306173"
},
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/289988"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/26287/"
},
{
"trust": 2.5,
"url": "http://lists.apple.com/archives/security-announce/2007/jun/msg00004.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/25786/"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/24599"
},
{
"trust": 1.7,
"url": "http://osvdb.org/36452"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1018282"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26287"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2007/2316"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2007/2731"
},
{
"trust": 1.6,
"url": "http://developer.apple.com/opensource/internet/webkit.html"
},
{
"trust": 1.6,
"url": "http://docs.info.apple.com/article.html?artnum=305759"
},
{
"trust": 0.8,
"url": "http://www.apple.com/safari/download/"
},
{
"trust": 0.8,
"url": "http://www.mozilla.org/projects/security/components/same-origin.html"
},
{
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=61798"
},
{
"trust": 0.8,
"url": "http://www.cert.org/tech_tips/securing_browser/#safari"
},
{
"trust": 0.8,
"url": "http://developer.apple.com/internet/webcontent/xmlhttpreq.html"
},
{
"trust": 0.8,
"url": "http://www.westpoint.ltd.uk/advisories/wp-07-0002.txt"
},
{
"trust": 0.8,
"url": "http://webkit.opendarwin.org/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2400"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2400"
},
{
"trust": 0.3,
"url": "http://www.apple.com/safari/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/15128/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#289988"
},
{
"db": "CERT/CC",
"id": "VU#845708"
},
{
"db": "CERT/CC",
"id": "VU#389868"
},
{
"db": "VULHUB",
"id": "VHN-25762"
},
{
"db": "BID",
"id": "24599"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001942"
},
{
"db": "PACKETSTORM",
"id": "58223"
},
{
"db": "NVD",
"id": "CVE-2007-2400"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-397"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#289988"
},
{
"db": "CERT/CC",
"id": "VU#845708"
},
{
"db": "CERT/CC",
"id": "VU#389868"
},
{
"db": "VULHUB",
"id": "VHN-25762"
},
{
"db": "BID",
"id": "24599"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001942"
},
{
"db": "PACKETSTORM",
"id": "58223"
},
{
"db": "NVD",
"id": "CVE-2007-2400"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-397"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-06-25T00:00:00",
"db": "CERT/CC",
"id": "VU#289988"
},
{
"date": "2007-06-22T00:00:00",
"db": "CERT/CC",
"id": "VU#845708"
},
{
"date": "2007-06-22T00:00:00",
"db": "CERT/CC",
"id": "VU#389868"
},
{
"date": "2007-06-25T00:00:00",
"db": "VULHUB",
"id": "VHN-25762"
},
{
"date": "2007-06-22T00:00:00",
"db": "BID",
"id": "24599"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001942"
},
{
"date": "2007-08-08T04:01:26",
"db": "PACKETSTORM",
"id": "58223"
},
{
"date": "2007-06-25T19:30:00",
"db": "NVD",
"id": "CVE-2007-2400"
},
{
"date": "2007-06-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200706-397"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-09-21T00:00:00",
"db": "CERT/CC",
"id": "VU#289988"
},
{
"date": "2008-09-08T00:00:00",
"db": "CERT/CC",
"id": "VU#845708"
},
{
"date": "2008-06-04T00:00:00",
"db": "CERT/CC",
"id": "VU#389868"
},
{
"date": "2011-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-25762"
},
{
"date": "2007-08-01T18:55:00",
"db": "BID",
"id": "24599"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001942"
},
{
"date": "2022-08-09T13:46:58.393000",
"db": "NVD",
"id": "CVE-2007-2400"
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200706-397"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200706-397"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Safari cross-domain HTTP redirection race condition",
"sources": [
{
"db": "CERT/CC",
"id": "VU#289988"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "competition condition problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200706-397"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…