PRIOn knowledge basePRION:CVE-2007-4692

HistoryNov 15, 2007 - 12:46 a.m.

Authentication flaw

2007-11-1500:46:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

82.3%

JSON

The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab.

CPENameOperatorVersion
safarile3.0.3
safarieq3.0
safarieq3.0.2

Name	Operator	Version
safari	le	3.0.3
safari	eq	3.0
safari	eq	3.0.2

References

docs.info.apple.com/article.html?artnum=307041

lists.apple.com/archives/security-announce/2007/Nov/msg00002.html

lists.apple.com/archives/security-announce/2007/Nov/msg00003.html

osvdb.org/40662

secunia.com/advisories/27643

www.securityfocus.com/bid/26444

www.securityfocus.com/bid/26447

www.us-cert.gov/cas/techalerts/TA07-319A.html

www.vupen.com/english/advisories/2007/3868

exchange.xforce.ibmcloud.com/vulnerabilities/38460