Lucene search

MitreCVE-2007-5858

HistoryDec 19, 2007 - 9:46 p.m.

CVE-2007-5858

2007-12-1921:46:00

CWE-79

mitre

web.nvd.nist.gov

cve-2007-5858

webkit

safari

apple

mac os x

iphone

xss

cross-site scripting

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.9

Confidence

High

EPSS

0.027

Percentile

90.7%

JSON

WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to “navigate the subframes of any other page,” which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information.

Affected configurations

Nvd

Node

applemac_os_xMatch10.4.11

applemac_os_xMatch10.5.1

AND

appleiphoneMatch1.0

appleiphoneMatch1.02

appleipod_touchMatch1.1

appleipod_touchMatch1.1.1

appleipod_touchMatch1.1.2

appleiphone_osMatch1.0.1

appleiphone_osMatch1.0.2

appleiphone_osMatch1.1.1

appleiphone_osMatch1.1.2

AND

applesafari

VendorProductVersionCPE
applemac_os_x10.4.11cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
applemac_os_x10.5.1cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
appleiphone1.0cpe:2.3:h:apple:iphone:1.0:*:*:*:*:*:*:*
appleiphone1.02cpe:2.3:h:apple:iphone:1.02:*:*:*:*:*:*:*
appleipod_touch1.1cpe:2.3:h:apple:ipod_touch:1.1:*:*:*:*:*:*:*
appleipod_touch1.1.1cpe:2.3:h:apple:ipod_touch:1.1.1:*:*:*:*:*:*:*
appleipod_touch1.1.2cpe:2.3:h:apple:ipod_touch:1.1.2:*:*:*:*:*:*:*
appleiphone_os1.0.1cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
appleiphone_os1.0.2cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
appleiphone_os1.1.1cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	mac_os_x	10.4.11	cpe:2.3:o:apple:mac_os_x:10.4.11:::::::*
apple	mac_os_x	10.5.1	cpe:2.3:o:apple:mac_os_x:10.5.1:::::::*
apple	iphone	1.0	cpe:2.3:h:apple:iphone:1.0:::::::*
apple	iphone	1.02	cpe:2.3:h:apple:iphone:1.02:::::::*
apple	ipod_touch	1.1	cpe:2.3:h:apple:ipod_touch:1.1:::::::*
apple	ipod_touch	1.1.1	cpe:2.3:h:apple:ipod_touch:1.1.1:::::::*
apple	ipod_touch	1.1.2	cpe:2.3:h:apple:ipod_touch:1.1.2:::::::*
apple	iphone_os	1.0.1	cpe:2.3:o:apple:iphone_os:1.0.1:::::::*
apple	iphone_os	1.0.2	cpe:2.3:o:apple:iphone_os:1.0.2:::::::*
apple	iphone_os	1.1.1	cpe:2.3:o:apple:iphone_os:1.1.1:::::::*

Rows per page:

1-10 of 121

References

docs.info.apple.com/article.html?artnum=307178

docs.info.apple.com/article.html?artnum=307179

docs.info.apple.com/article.html?artnum=307302

lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

lists.apple.com/archives/security-announce/2008/Jan/msg00000.html

secunia.com/advisories/28136

secunia.com/advisories/28497

securitytracker.com/id?1019108

www.securityfocus.com/bid/26911

www.us-cert.gov/cas/techalerts/TA07-352A.html

www.vupen.com/english/advisories/2007/4238

www.vupen.com/english/advisories/2008/0147

exchange.xforce.ibmcloud.com/vulnerabilities/39091

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.9

Confidence

High

EPSS

0.027

Percentile

90.7%

JSON

Related for CVE-2007-5858