CVE-2007-3482

Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://osvdb.org/38860
http://www.0x000000.com/?i=371
http://www.securityfocus.com/bid/24700
http://osvdb.org/38860
http://www.0x000000.com/?i=371
http://www.securityfocus.com/bid/24700

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:microsoft:windows_nt:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:33

Type	Values Removed	Values Added
References	~~() http://osvdb.org/38860 -~~	() http://osvdb.org/38860 -
References	~~() http://www.0x000000.com/?i=371 -~~	() http://www.0x000000.com/?i=371 -
References	~~() http://www.securityfocus.com/bid/24700 -~~	() http://www.securityfocus.com/bid/24700 -

Information

Published : 2007-06-28 18:30

Updated : 2024-11-21 00:33

NVD link : CVE-2007-3482

Mitre link : CVE-2007-3482

CVE.ORG link : CVE-2007-3482

JSON object : View

Products Affected

microsoft

windows_nt

apple

safari

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2007-3482", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-06-28T18:30:00.000", "references": [{"url": "http://osvdb.org/38860", "source": "cve@mitre.org"}, {"url": "http://www.0x000000.com/?i=371", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24700", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/38860", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.0x000000.com/?i=371", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/24700", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the \"same origin policy\" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute."}, {"lang": "es", "value": "Una vulnerabilidad de tipo cross-domain en Apple Safari para Windows versi\u00f3n 3.0.1, permite a atacantes remotos omitir la \"same origin policy\" y acceder a informaci\u00f3n restringida de otros dominios por medio de JavaScript que sobrescribe la variable document y establece est\u00e1ticamente el atributo document.domain."}], "lastModified": "2024-11-21T00:33:21.180", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_nt:3.0.1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "03D23398-0916-4E7E-9F22-B01569E3ECD6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE370CAA-04B3-434E-BD5B-1D87DE596C10"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}