Lucene search
AppleCVE-2012-3714HistorySep 20, 2012 - 9:55 p.m.
CVE-2012-3714
2012-09-2021:55:02
CWE-264
CWE-200
apple
web.nvd.nist.gov
25
cve-2012-3714
safari
form autofill
remote attack
me card
address book
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
5.9
Confidence
Low
EPSS
0.003
Percentile
70.7%
The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site.
Affected configurations
Node
applesafari
ORapplesafariRange≤6.0
ORapplesafariMatch1.0
ORapplesafariMatch1.0beta
ORapplesafariMatch1.0beta2
ORapplesafariMatch1.0.0
ORapplesafariMatch1.0.0b1
ORapplesafariMatch1.0.0b2
ORapplesafariMatch1.0.1
ORapplesafariMatch1.0.2
ORapplesafariMatch1.0.3
ORapplesafariMatch1.0.385.8
ORapplesafariMatch1.0.385.8.1
ORapplesafariMatch1.0b1-mac
ORapplesafariMatch1.1
ORapplesafariMatch1.1.0
ORapplesafariMatch1.1.1
ORapplesafariMatch1.2
ORapplesafariMatch1.2.0
ORapplesafariMatch1.2.1
ORapplesafariMatch1.2.2
ORapplesafariMatch1.2.3
ORapplesafariMatch1.2.4
ORapplesafariMatch1.2.5
ORapplesafariMatch1.3
ORapplesafariMatch1.3.0
ORapplesafariMatch1.3.1
ORapplesafariMatch1.3.2
ORapplesafariMatch1.3.2312.5
ORapplesafariMatch1.3.2312.6
ORapplesafariMatch2
ORapplesafariMatch2.0
ORapplesafariMatch2.0.0
ORapplesafariMatch2.0.1
ORapplesafariMatch2.0.2
ORapplesafariMatch2.0.3
ORapplesafariMatch2.0.3417.8
ORapplesafariMatch2.0.3417.9
ORapplesafariMatch2.0.3417.9.2
ORapplesafariMatch2.0.3417.9.3
ORapplesafariMatch2.0.4
ORapplesafariMatch2.0.4-mac
ORapplesafariMatch3
ORapplesafariMatch3.0
ORapplesafariMatch3.0.0
ORapplesafariMatch3.0.0-mac
ORapplesafariMatch3.0.0b
ORapplesafariMatch3.0.0b-windows
ORapplesafariMatch3.0.1
ORapplesafariMatch3.0.1-mac
ORapplesafariMatch3.0.1beta
ORapplesafariMatch3.0.1b
ORapplesafariMatch3.0.1b-windows
ORapplesafariMatch3.0.2
ORapplesafariMatch3.0.2-mac
ORapplesafariMatch3.0.2b
ORapplesafariMatch3.0.2b-windows
ORapplesafariMatch3.0.3
ORapplesafariMatch3.0.3-mac
ORapplesafariMatch3.0.3b
ORapplesafariMatch3.0.3b-windows
ORapplesafariMatch3.0.4
ORapplesafariMatch3.0.4-mac
ORapplesafariMatch3.0.4b
ORapplesafariMatch3.0.4b-windows
ORapplesafariMatch3.1.0
ORapplesafariMatch3.1.0-mac
ORapplesafariMatch3.1.0b
ORapplesafariMatch3.1.0b-windows
ORapplesafariMatch3.1.1
ORapplesafariMatch3.1.1b-windows
ORapplesafariMatch3.1.2
ORapplesafariMatch3.1.2b-windows
ORapplesafariMatch3.2.0
ORapplesafariMatch3.2.0b-windows
ORapplesafariMatch3.2.1
ORapplesafariMatch3.2.1b-windows
ORapplesafariMatch3.2.2
ORapplesafariMatch3.2.2b-windows
ORapplesafariMatch4.0
ORapplesafariMatch4.0beta
ORapplesafariMatch4.0.0b
ORapplesafariMatch4.0.1
ORapplesafariMatch4.0.2
ORapplesafariMatch4.0.3
ORapplesafariMatch4.0.4
ORapplesafariMatch4.0.5
ORapplesafariMatch4.1
ORapplesafariMatch4.1.1
ORapplesafariMatch4.1.2
ORapplesafariMatch5.0
ORapplesafariMatch5.0.1
ORapplesafariMatch5.0.2
ORapplesafariMatch5.0.4
ORapplesafariMatch5.0.5
ORapplesafariMatch5.0.6
ORapplesafariMatch5.1
ORapplesafariMatch5.1.1
ORapplesafariMatch5.1.2
ORapplesafariMatch5.1.3
ORapplesafariMatch5.1.4
ORapplesafariMatch5.1.5
ORapplesafariMatch5.1.6
ORapplesafariMatch5.1.7
| Vendor | Product | Version | CPE |
|---|---|---|---|
| apple | safari | * | cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* |
| apple | safari | 1.0 | cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:* |
| apple | safari | 1.0 | cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:* |
| apple | safari | 1.0 | cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:* |
| apple | safari | 1.0.0 | cpe:2.3:a:apple:safari:1.0.0:*:*:*:*:*:*:* |
| apple | safari | 1.0.0b1 | cpe:2.3:a:apple:safari:1.0.0b1:*:*:*:*:*:*:* |
| apple | safari | 1.0.0b2 | cpe:2.3:a:apple:safari:1.0.0b2:*:*:*:*:*:*:* |
| apple | safari | 1.0.1 | cpe:2.3:a:apple:safari:1.0.1:*:*:*:*:*:*:* |
| apple | safari | 1.0.2 | cpe:2.3:a:apple:safari:1.0.2:*:*:*:*:*:*:* |
| apple | safari | 1.0.3 | cpe:2.3:a:apple:safari:1.0.3:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2012-3714
2012-09-20 21:55:02
prion
prion
Code injection
2012-09-20 21:55:00
cvelist
cvelist
CVE-2012-3714
2012-09-20 21:00:00
openvas
openvas
Apple Safari Multiple Vulnerabilities (Oct 2012) - Mac OS X
2012-10-01 00:00:00
Apple Safari Multiple Vulnerabilities - Oct 2012 (Mac OS X)
2012-10-01 00:00:00
securityvulns
securityvulns
APPLE-SA-2012-09-19-3 Safari 6.0.1
2012-09-24 00:00:00
Apple Safari / WebKit / Google Chrome multiple security vulnerabilities
2012-09-24 00:00:00
nessus
nessus
Mac OS X : Apple Safari < 6.0.1 Multiple Vulnerabilities
2012-09-20 00:00:00
Mac OS X : Safari < 6.0.1 Multiple Vulnerabilities
2012-09-20 00:00:00
Safari < 6.0.1 Multiple Vulnerabilities
2012-09-20 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
5.9
Confidence
Low
EPSS
0.003
Percentile
70.7%
Related for CVE-2012-3714