CVE-2005-2517 - Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that

CVE-2005-2517

Summary

Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site.

References

http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html

Vulnerable Configurations

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*

CVSS

Base:	2.6 (as of 05-09-2008 - 20:51)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:H/Au:N/C:P/I:N/A:N

refmap via4

apple

APPLE-SA-2005-08-15
APPLE-SA-2005-08-17

Last major update

05-09-2008 - 20:51

Published

19-08-2005 - 04:00

Last modified

05-09-2008 - 20:51