[email protected]CVE-2010-1386

HistoryAug 19, 2010 - 10:00 p.m.

CVE-2010-1386

2010-08-1922:00:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2010-1386

page

geolocation

webcore

webkit

access restriction

remote attack vectors

8.4 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

83.7%

JSON

page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357.

CPENameOperatorVersion
apple:webkitapple webkiteqr50173
apple:webkitapple webkitler56187

CPE	Name	Operator	Version
apple:webkit	apple webkit	eq	r50173
apple:webkit	apple webkit	le	r56187

References

lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

secunia.com/advisories/41856

secunia.com/advisories/43068

security-tracker.debian.org/tracker/CVE-2010-1386

trac.webkit.org/changeset/56188

www.mandriva.com/security/advisories?name=MDVSA-2011:039

www.securityfocus.com/bid/42500

www.ubuntu.com/usn/USN-1006-1

www.vupen.com/english/advisories/2010/2722

www.vupen.com/english/advisories/2011/0212

www.vupen.com/english/advisories/2011/0552

bugs.webkit.org/show_bug.cgi?id=36255

8.4 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

83.7%

JSON

Related for CVE-2010-1386

prion1 ubuntucve1 debiancve1 nessus8 openvas17 freebsd1 fedora6