ID CVE-2012-3715
Summary Apple Safari before 6.0.1 makes HTTP requests for HTTPS URIs in certain circumstances involving a paste into the address bar, which allows user-assisted remote attackers to obtain sensitive information by sniffing the network.
References
Vulnerable Configurations
  • Apple Safari 3.0.1 Beta
    cpe:2.3:a:apple:safari:3.0.1:beta
  • Apple Safari 4.0.3
    cpe:2.3:a:apple:safari:4.0.3
  • Apple Safari 3.2.1
    cpe:2.3:a:apple:safari:3.2.1
  • Apple Safari 5.0.4
    cpe:2.3:a:apple:safari:5.0.4
  • Apple Safari 3.2.1b for Windows
    cpe:2.3:a:apple:safari:3.2.1b:-:windows
  • Apple Safari 3.2.0b for Windows
    cpe:2.3:a:apple:safari:3.2.0b:-:windows
  • Apple Safari 3.1.2b for Windows
    cpe:2.3:a:apple:safari:3.1.2b:-:windows
  • Apple Safari 3.1.1b for Windows
    cpe:2.3:a:apple:safari:3.1.1b:-:windows
  • Apple Safari 4.0.0b
    cpe:2.3:a:apple:safari:4.0.0b
  • Apple Safari 3.2.2b for Windows
    cpe:2.3:a:apple:safari:3.2.2b:-:windows
  • Apple Safari 3.2.2
    cpe:2.3:a:apple:safari:3.2.2
  • Apple Safari 3.2.0
    cpe:2.3:a:apple:safari:3.2.0
  • Apple Safari 5.0
    cpe:2.3:a:apple:safari:5.0
  • Apple Safari 3
    cpe:2.3:a:apple:safari:3
  • Apple Safari 1.1.1
    cpe:2.3:a:apple:safari:1.1.1
  • Apple Safari 5.1.3
    cpe:2.3:a:apple:safari:5.1.3
  • Apple Safari 5.1.4
    cpe:2.3:a:apple:safari:5.1.4
  • Apple Safari 4.0.1
    cpe:2.3:a:apple:safari:4.0.1
  • Apple Safari 4.0
    cpe:2.3:a:apple:safari:4.0
  • Apple Safari 3.0.1
    cpe:2.3:a:apple:safari:3.0.1
  • Apple Safari 3.0
    cpe:2.3:a:apple:safari:3.0
  • Apple Safari 3.0.2
    cpe:2.3:a:apple:safari:3.0.2
  • Apple Safari 3.0.3
    cpe:2.3:a:apple:safari:3.0.3
  • Apple Safari 2.0
    cpe:2.3:a:apple:safari:2.0
  • Apple Safari 2.0.1
    cpe:2.3:a:apple:safari:2.0.1
  • Apple Safari 2.0.2
    cpe:2.3:a:apple:safari:2.0.2
  • Apple Safari 2.0.3
    cpe:2.3:a:apple:safari:2.0.3
  • Apple Safari 2.0.4
    cpe:2.3:a:apple:safari:2.0.4
  • Apple Safari 1.3.2
    cpe:2.3:a:apple:safari:1.3.2
  • Apple Safari 3.1.2
    cpe:2.3:a:apple:safari:3.1.2
  • Apple Safari 1.2
    cpe:2.3:a:apple:safari:1.2
  • Apple Safari 1.2.1
    cpe:2.3:a:apple:safari:1.2.1
  • Apple Safari 1.2.2
    cpe:2.3:a:apple:safari:1.2.2
  • Apple Safari 1.2.3
    cpe:2.3:a:apple:safari:1.2.3
  • Apple Safari 1.2.4
    cpe:2.3:a:apple:safari:1.2.4
  • Apple Safari 1.2.5
    cpe:2.3:a:apple:safari:1.2.5
  • Apple Safari 1.3
    cpe:2.3:a:apple:safari:1.3
  • Apple Safari 1.3.1
    cpe:2.3:a:apple:safari:1.3.1
  • Apple Safari 4.0.5
    cpe:2.3:a:apple:safari:4.0.5
  • Apple Safari 1.1
    cpe:2.3:a:apple:safari:1.1
  • Apple Safari 4.0.2
    cpe:2.3:a:apple:safari:4.0.2
  • Apple Safari 1.0 Beta2
    cpe:2.3:a:apple:safari:1.0:beta2
  • Apple Safari 1.0 Beta
    cpe:2.3:a:apple:safari:1.0:beta
  • Apple Safari 1.0
    cpe:2.3:a:apple:safari:1.0
  • Apple Safari 5.1.1
    cpe:2.3:a:apple:safari:5.1.1
  • Apple Safari 4.0.4
    cpe:2.3:a:apple:safari:4.0.4
  • Apple Safari 3.0.4
    cpe:2.3:a:apple:safari:3.0.4
  • Apple Safari 5.1.2
    cpe:2.3:a:apple:safari:5.1.2
  • Apple Safari 3.1.1
    cpe:2.3:a:apple:safari:3.1.1
  • Apple Safari 5.0.1
    cpe:2.3:a:apple:safari:5.0.1
  • Apple Safari 1.0.3 85.8
    cpe:2.3:a:apple:safari:1.0.3:85.8
  • Apple Safari 1.0.3 85.8.1
    cpe:2.3:a:apple:safari:1.0.3:85.8.1
  • Apple Safari 2.0.3 417.9.2
    cpe:2.3:a:apple:safari:2.0.3:417.9.2
  • Apple Safari 2.0.3 417.9.3
    cpe:2.3:a:apple:safari:2.0.3:417.9.3
  • Apple Safari 2.0.3 417.8
    cpe:2.3:a:apple:safari:2.0.3:417.8
  • Apple Safari 4.1
    cpe:2.3:a:apple:safari:4.1
  • Apple Safari 2.0.3 417.9
    cpe:2.3:a:apple:safari:2.0.3:417.9
  • Apple Safari 1.3.2 312.5
    cpe:2.3:a:apple:safari:1.3.2:312.5
  • Apple Safari 1.3.2 312.6
    cpe:2.3:a:apple:safari:1.3.2:312.6
  • Apple Safari 5.0.5
    cpe:2.3:a:apple:safari:5.0.5
  • Apple Safari 4 Beta
    cpe:2.3:a:apple:safari:4.0:beta
  • Apple Safari 4.1.1
    cpe:2.3:a:apple:safari:4.1.1
  • Apple Safari 5.0.2
    cpe:2.3:a:apple:safari:5.0.2
  • Apple Safari 4.1.2
    cpe:2.3:a:apple:safari:4.1.2
  • Apple Safari 2
    cpe:2.3:a:apple:safari:2
  • Apple Safari 1.0.0
    cpe:2.3:a:apple:safari:1.0.0
  • Apple Safari 1.0.3
    cpe:2.3:a:apple:safari:1.0.3
  • Apple Safari 1.3.0
    cpe:2.3:a:apple:safari:1.3.0
  • Apple Safari 1.2.0
    cpe:2.3:a:apple:safari:1.2.0
  • Apple Safari 1.1.0
    cpe:2.3:a:apple:safari:1.1.0
  • Apple Safari 1.0b1 for Mac OS X
    cpe:2.3:a:apple:safari:1.0b1:-:mac
  • Apple Safari 1.0.2
    cpe:2.3:a:apple:safari:1.0.2
  • Apple Safari 1.0.1
    cpe:2.3:a:apple:safari:1.0.1
  • Apple Safari 1.0.0b2
    cpe:2.3:a:apple:safari:1.0.0b2
  • Apple Safari 1.0.0b1
    cpe:2.3:a:apple:safari:1.0.0b1
  • Apple Safari 3.0.1b
    cpe:2.3:a:apple:safari:3.0.1b
  • Apple Safari 3.0.1 for Mac OS X
    cpe:2.3:a:apple:safari:3.0.1:-:mac
  • Apple Safari 3.0.0b for Windows
    cpe:2.3:a:apple:safari:3.0.0b:-:windows
  • Apple Safari 3.0.0b
    cpe:2.3:a:apple:safari:3.0.0b
  • Apple Safari 3.0.0 for Mac OS X
    cpe:2.3:a:apple:safari:3.0.0:-:mac
  • Apple Safari 3.0.0
    cpe:2.3:a:apple:safari:3.0.0
  • Apple Safari 2.0.4 for Mac OS X
    cpe:2.3:a:apple:safari:2.0.4:-:mac
  • Apple Safari 2.0.0
    cpe:2.3:a:apple:safari:2.0.0
  • Apple Safari 3.0.3 for Mac OS X
    cpe:2.3:a:apple:safari:3.0.3:-:mac
  • Apple Safari 3.0.3b
    cpe:2.3:a:apple:safari:3.0.3b
  • Apple Safari 3.0.3b for Windows
    cpe:2.3:a:apple:safari:3.0.3b:-:windows
  • Apple Safari 3.0.4 for Mac OS X
    cpe:2.3:a:apple:safari:3.0.4:-:mac
  • Apple Safari 3.0.1b for Windows
    cpe:2.3:a:apple:safari:3.0.1b:-:windows
  • Apple Safari
    cpe:2.3:a:apple:safari
  • Apple Safari 3.0.2 for Mac OS X
    cpe:2.3:a:apple:safari:3.0.2:-:mac
  • Apple Safari 3.0.2b
    cpe:2.3:a:apple:safari:3.0.2b
  • Apple Safari 3.0.2b for Windows
    cpe:2.3:a:apple:safari:3.0.2b:-:windows
  • Apple Safari 5.0.6
    cpe:2.3:a:apple:safari:5.0.6
  • Apple Safari 3.1.0b
    cpe:2.3:a:apple:safari:3.1.0b
  • Apple Safari 3.1.0b for Windows
    cpe:2.3:a:apple:safari:3.1.0b:-:windows
  • Apple Safari 5.1
    cpe:2.3:a:apple:safari:5.1
  • Apple Safari 3.0.4b
    cpe:2.3:a:apple:safari:3.0.4b
  • Apple Safari 3.0.4b for Windows
    cpe:2.3:a:apple:safari:3.0.4b:-:windows
  • Apple Safari 3.1.0
    cpe:2.3:a:apple:safari:3.1.0
  • Apple Safari 3.1.0 for Mac OS X
    cpe:2.3:a:apple:safari:3.1.0:-:mac
  • Apple Safari 5.1.5
    cpe:2.3:a:apple:safari:5.1.5
  • Apple Safari 5.1.6
    cpe:2.3:a:apple:safari:5.1.6
  • Apple Safari 5.1.7
    cpe:2.3:a:apple:safari:5.1.7
  • Apple Safari 6.0
    cpe:2.3:a:apple:safari:6.0
CVSS
Base: 4.3 (as of 21-09-2012 - 09:13)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
nessus via4
NASL family MacOS X Local Security Checks
NASL id MACOSX_SAFARI6_0_1.NASL
description The version of Apple Safari installed on the remote Mac OS X host is earlier than 6.0.1. It is, therefore, potentially affected by several issues:
  • A logic error in Safari's handling of the Quarantine attribute caused the safe mode not to be triggered on Quarantined files, which could lead to the disclosure of local file contents. (CVE-2012-3713)
  • A rare condition in the handling of Form Autofill could lead to the disclosure of information from the Address Book 'Me' card that was not included in the Autofill popover. (CVE-2012-3714)
  • A logic issue in the handling of HTTPS URLs in the address bar when pasting text could result in the request being sent over HTTP. (CVE-2012-3715)
  • Numerous issues exist in WebKit. (CVE-2011-3105 / CVE-2012-2817 / CVE-2012-2818 / CVE-2012-2829 / CVE-2012-2831 / CVE-2012-2842 / CVE-2012-2843 / CVE-2012-3598 / CVE-2012-3601 / CVE-2012-3602 / CVE-2012-3606 / CVE-2012-3607 / CVE-2012-3612 / CVE-2012-3613 / CVE-2012-3614 / CVE-2012-3616 / CVE-2012-3617 / CVE-2012-3621 / CVE-2012-3622 / CVE-2012-3623 / CVE-2012-3624 / CVE-2012-3632 / CVE-2012-3643 / CVE-2012-3647 / CVE-2012-3648 / CVE-2012-3649 / CVE-2012-3651 / CVE-2012-3652 / CVE-2012-3654 / CVE-2012-3657 / CVE-2012-3658 / CVE-2012-3659 / CVE-2012-3660 / CVE-2012-3671 / CVE-2012-3672 / CVE-2012-3673 / CVE-2012-3675 / CVE-2012-3676 / CVE-2012-3677 / CVE-2012-3684 / CVE-2012-3685 / CVE-2012-3687 / CVE-2012-3688 / CVE-2012-3692 / CVE-2012-3699 / CVE-2012-3700 / CVE-2012-3701 / CVE-2012-3702 / CVE-2012-3703 / CVE-2012-3704 / CVE-2012-3705 / CVE-2012-3706 / CVE-2012-3707 / CVE-2012-3708 / CVE-2012-3709 / CVE-2012-3710 / CVE-2012-3711 / CVE-2012-3712)
last seen 2019-02-21
modified 2018-07-16
plugin id 62216
published 2012-09-20
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=62216
title Mac OS X : Apple Safari < 6.0.1 Multiple Vulnerabilities
refmap via4
apple APPLE-SA-2012-09-19-3
bid 55626
confirm http://support.apple.com/kb/HT5502
osvdb 85655
xf apple-safari-cve20123715(78680)
Last major update 22-03-2013 - 23:12
Published 20-09-2012 - 17:55
Last modified 28-08-2017 - 21:32