Lucene search

[email protected]CVE-2005-2272

HistoryJul 13, 2005 - 4:00 a.m.

CVE-2005-2272

2005-07-1304:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-2272

safari

dialog box

spoofing

phishing

vulnerability

6.6 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.015 Low

EPSS

Percentile

86.8%

JSON

Safari version 2.0 (412) does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the “Dialog Origin Spoofing Vulnerability.”

CPENameOperatorVersion
apple:safariapple safarieq2.0

CPE	Name	Operator	Version
apple:safari	apple safari	eq	2.0

References

docs.info.apple.com/article.html?artnum=302847

secunia.com/advisories/15474

secunia.com/advisories/17813

secunia.com/multiple_browsers_dialog_origin_vulnerability_test/

secunia.com/secunia_research/2005-12/advisory/

securitytracker.com/id?1015294

www.osvdb.org/17397

www.securityfocus.com/bid/14011

www.vupen.com/english/advisories/2005/2659

exchange.xforce.ibmcloud.com/vulnerabilities/21070

6.6 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.015 Low

EPSS

Percentile

86.8%

JSON

Related for CVE-2005-2272

cve1 nessus4