CVE-2007-4699
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7 High
AI Score
Confidence
High
0.014 Low
EPSS
Percentile
86.3%
The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| apple:safari | apple safari | eq | * |
References
docs.info.apple.com/article.html?artnum=307041
lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
secunia.com/advisories/27643
securitytracker.com/id?1018948
www.securityfocus.com/bid/26444
www.us-cert.gov/cas/techalerts/TA07-319A.html
www.vupen.com/english/advisories/2007/3868
exchange.xforce.ibmcloud.com/vulnerabilities/38485
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7 High
AI Score
Confidence
High
0.014 Low
EPSS
Percentile
86.3%