Lucene search

[email protected]CVE-2008-1007

HistoryMar 19, 2008 - 12:44 a.m.

CVE-2008-1007

2008-03-1900:44:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-1007

webcore

apple safari

xss

cross-site scripting

frame navigation policy

java applets

nvd

5.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.6%

JSON

WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

CPENameOperatorVersion
apple:safariapple safarile3.0.4
apple:safariapple safarieq1.3.2
apple:safariapple safarieq2.0.2
apple:safariapple safarieq3.0.1
apple:safariapple safarieq3.0.2
apple:safariapple safarieq1.0
apple:safariapple safarieq1.3
apple:safariapple safarieq3.0.3
apple:safariapple safarieq2.0
apple:safariapple safarieq0.8

CPE	Name	Operator	Version
apple:safari	apple safari	le	3.0.4
apple:safari	apple safari	eq	1.3.2
apple:safari	apple safari	eq	2.0.2
apple:safari	apple safari	eq	3.0.1
apple:safari	apple safari	eq	3.0.2
apple:safari	apple safari	eq	1.0
apple:safari	apple safari	eq	1.3
apple:safari	apple safari	eq	3.0.3
apple:safari	apple safari	eq	2.0
apple:safari	apple safari	eq	0.8

Rows per page:

1-10 of 161

References

docs.info.apple.com/article.html?artnum=307563

lists.apple.com/archives/security-announce/2008/Mar/msg00000.html

secunia.com/advisories/29393

www.securityfocus.com/bid/28290

www.securityfocus.com/bid/28335

www.securitytracker.com/id?1019653

www.us-cert.gov/cas/techalerts/TA08-079A.html

www.vupen.com/english/advisories/2008/0920/references

exchange.xforce.ibmcloud.com/vulnerabilities/41324

5.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.6%

JSON

Related for CVE-2008-1007

prion1 nessus1 seebug1