Lucene search

[email protected]CVE-2008-1005

HistoryMar 19, 2008 - 12:44 a.m.

CVE-2008-1005

2008-03-1900:44:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2008-1005

webcore

apple safari

password field

reverse conversion

kotoeri input method

security vulnerability

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

32.2%

JSON

WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password.

Affected configurations

NVD

Node

applesafariMatch0.8

applesafariMatch0.9

applesafariMatch1.0

applesafariMatch1.1

applesafariMatch1.2

applesafariMatch1.3

applesafariMatch1.3.1

applesafariMatch1.3.2

applesafariMatch2.0

applesafariMatch2.0.2

applesafariMatch2.0.4

applesafariMatch3.0

applesafariMatch3.0.1

applesafariMatch3.0.2

applesafariMatch3.0.3

applesafariMatch3.0.4

CPENameOperatorVersion
apple:safariapple safarieq0.8
apple:safariapple safarieq0.9
apple:safariapple safarieq1.0
apple:safariapple safarieq1.1
apple:safariapple safarieq1.2
apple:safariapple safarieq1.3
apple:safariapple safarieq1.3.1
apple:safariapple safarieq1.3.2
apple:safariapple safarieq2.0
apple:safariapple safarieq2.0.2

CPE	Name	Operator	Version
apple:safari	apple safari	eq	0.8
apple:safari	apple safari	eq	0.9
apple:safari	apple safari	eq	1.0
apple:safari	apple safari	eq	1.1
apple:safari	apple safari	eq	1.2
apple:safari	apple safari	eq	1.3
apple:safari	apple safari	eq	1.3.1
apple:safari	apple safari	eq	1.3.2
apple:safari	apple safari	eq	2.0
apple:safari	apple safari	eq	2.0.2

Rows per page:

1-10 of 161

References

docs.info.apple.com/article.html?artnum=307563

lists.apple.com/archives/security-announce/2008/Mar/msg00000.html

secunia.com/advisories/29393

www.securityfocus.com/bid/28290

www.securityfocus.com/bid/28326

www.securitytracker.com/id?1019656

www.us-cert.gov/cas/techalerts/TA08-079A.html

www.vupen.com/english/advisories/2008/0920/references

exchange.xforce.ibmcloud.com/vulnerabilities/41329

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

32.2%

JSON

Related for CVE-2008-1005

nvd1 prion1 cvelist1 nessus1 seebug1