Lucene search

[email protected]CVE-2007-4431

HistoryAug 20, 2007 - 7:17 p.m.

CVE-2007-4431

2007-08-2019:17:00

[email protected]

web.nvd.nist.gov

vulnerability

apple safari

windows

remote attackers

same origin policy

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6 Medium

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.6%

JSON

Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka “classic JavaScript frame hijacking.”

Affected configurations

NVD

Node

applesafariRange≤3.0.3windows

CPENameOperatorVersion
apple:safariapple safarile3.0.3

CPE	Name	Operator	Version
apple:safari	apple safari	le	3.0.3

References

osvdb.org/46720

sla.ckers.org/forum/read.php?3%2C14151

www.0x000000.com/index.php?i=420

www.securityfocus.com/bid/25355

www.thespanner.co.uk/2007/08/17/safari-beta-zero-day/

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6 Medium

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.6%

JSON

Related for CVE-2007-4431

prion1 cvelist1 nvd1