cvelistv5 - CVE-2008-3170

CVE-2008-3170 (GCVE-0-2008-3170)

Vulnerability from cvelistv5

Published

2008-07-14 23:00

Modified

2024-08-07 09:28

Severity ?

CWE

Summary

References

URL

Tags

cve@mitre.org	http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html
cve@mitre.org	http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html
cve@mitre.org	http://secunia.com/advisories/31128
cve@mitre.org	http://support.apple.com/kb/HT3338
cve@mitre.org	http://www.securityfocus.com/bid/30192
cve@mitre.org	http://www.securitytracker.com/id?1020539
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA08-350A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2008/3444
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/43839
af854a3a-2127-422b-91ae-364da2661108	http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31128
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3338
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/30192
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1020539
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-350A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/3444
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/43839

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:28:41.657Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2008-3444",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/3444"
          },
          {
            "name": "TA08-350A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
          },
          {
            "name": "30192",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30192"
          },
          {
            "name": "31128",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31128"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3338"
          },
          {
            "name": "safari-domains-session-hijacking(43839)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43839"
          },
          {
            "name": "APPLE-SA-2008-12-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html"
          },
          {
            "name": "1020539",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020539"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-07-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session, aka \"Cross-Site Cooking,\" a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2008-3444",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/3444"
        },
        {
          "name": "TA08-350A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
        },
        {
          "name": "30192",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30192"
        },
        {
          "name": "31128",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31128"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3338"
        },
        {
          "name": "safari-domains-session-hijacking(43839)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43839"
        },
        {
          "name": "APPLE-SA-2008-12-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html"
        },
        {
          "name": "1020539",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020539"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3170",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session, aka \"Cross-Site Cooking,\" a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2008-3444",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/3444"
            },
            {
              "name": "TA08-350A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
            },
            {
              "name": "30192",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30192"
            },
            {
              "name": "31128",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31128"
            },
            {
              "name": "http://support.apple.com/kb/HT3338",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3338"
            },
            {
              "name": "safari-domains-session-hijacking(43839)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43839"
            },
            {
              "name": "APPLE-SA-2008-12-15",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
            },
            {
              "name": "http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html",
              "refsource": "MISC",
              "url": "http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html"
            },
            {
              "name": "1020539",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020539"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3170",
    "datePublished": "2008-07-14T23:00:00",
    "dateReserved": "2008-07-14T00:00:00",
    "dateUpdated": "2024-08-07T09:28:41.657Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-3170\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-07-14T23:41:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session, aka \\\"Cross-Site Cooking,\\\" a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867.\"},{\"lang\":\"es\",\"value\":\"Apple Safari permite a los sitios Web establecer cookies para dominios de nivel superior espec\u00edficos de pa\u00edses, como co.uk Y com.au, esto puede que permita a atacantes remotos realizar un ataque de fijaci\u00f3n de sesi\u00f3n y secuestrar la sesi\u00f3n HTTP de un usuario, tambi\u00e9n conocido como \\\"Cooking en sitios cruzados\\\". Vulnerabilidad relacionada con CVE-2004-0746, CVE-2004-0866 y CVE-2004-0867.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE370CAA-04B3-434E-BD5B-1D87DE596C10\"}]}]}],\"references\":[{\"url\":\"http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/31128\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.apple.com/kb/HT3338\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/30192\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1020539\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-350A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/3444\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/43839\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31128\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT3338\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/30192\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1020539\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-350A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/3444\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/43839\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2008-3170

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2008-3170

Aliases

CVE-2008-3170

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-3170",
    "description": "Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session, aka \"Cross-Site Cooking,\" a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867.",
    "id": "GSD-2008-3170"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-3170"
      ],
      "details": "Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session, aka \"Cross-Site Cooking,\" a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867.",
      "id": "GSD-2008-3170",
      "modified": "2023-12-13T01:23:05.036145Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-3170",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session, aka \"Cross-Site Cooking,\" a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2008-3444",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/3444"
          },
          {
            "name": "TA08-350A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
          },
          {
            "name": "30192",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/30192"
          },
          {
            "name": "31128",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31128"
          },
          {
            "name": "http://support.apple.com/kb/HT3338",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT3338"
          },
          {
            "name": "safari-domains-session-hijacking(43839)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43839"
          },
          {
            "name": "APPLE-SA-2008-12-15",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
          },
          {
            "name": "http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html",
            "refsource": "MISC",
            "url": "http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html"
          },
          {
            "name": "1020539",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1020539"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3170"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session, aka \"Cross-Site Cooking,\" a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html"
            },
            {
              "name": "30192",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/30192"
            },
            {
              "name": "1020539",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1020539"
            },
            {
              "name": "31128",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/31128"
            },
            {
              "name": "TA08-350A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
            },
            {
              "name": "APPLE-SA-2008-12-15",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
            },
            {
              "name": "http://support.apple.com/kb/HT3338",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT3338"
            },
            {
              "name": "ADV-2008-3444",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/3444"
            },
            {
              "name": "safari-domains-session-hijacking(43839)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43839"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-08T01:31Z",
      "publishedDate": "2008-07-14T23:41Z"
    }
  }
}

De nombreuses vulnérabilités découvertes dans le système d'exploitation Mac OS X permettent à un utilisateur distant de contourner la politique de sécurité, de porter atteinte à la confidentialité des données, d'élever ses privilèges, de provoquer un déni de service ou encore d'exécuter du code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Mac OS X Server version 10.4.11.
N/A	N/A	Mac OS X Server version 10.5 ;
N/A	N/A	Mac OS X version 10.5 ;
N/A	N/A	Mac OS X version 10.4.11 ;

References

Title

Publication Time

fkie_cve-2008-3170

Vulnerability from fkie_nvd

Published

2008-07-14 23:41

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html
cve@mitre.org	http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html
cve@mitre.org	http://secunia.com/advisories/31128
cve@mitre.org	http://support.apple.com/kb/HT3338
cve@mitre.org	http://www.securityfocus.com/bid/30192
cve@mitre.org	http://www.securitytracker.com/id?1020539
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA08-350A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2008/3444
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/43839
af854a3a-2127-422b-91ae-364da2661108	http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31128
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3338
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/30192
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1020539
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-350A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/3444
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/43839

Impacted products

	Vendor	Product	Version
	apple	safari	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE370CAA-04B3-434E-BD5B-1D87DE596C10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session, aka \"Cross-Site Cooking,\" a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867."
    },
    {
      "lang": "es",
      "value": "Apple Safari permite a los sitios Web establecer cookies para dominios de nivel superior espec\u00edficos de pa\u00edses, como co.uk Y com.au, esto puede que permita a atacantes remotos realizar un ataque de fijaci\u00f3n de sesi\u00f3n y secuestrar la sesi\u00f3n HTTP de un usuario, tambi\u00e9n conocido como \"Cooking en sitios cruzados\". Vulnerabilidad relacionada con CVE-2004-0746, CVE-2004-0866 y CVE-2004-0867."
    }
  ],
  "id": "CVE-2008-3170",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-07-14T23:41:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31128"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT3338"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/30192"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1020539"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/3444"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43839"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3338"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/30192"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/3444"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43839"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-g3qc-wqfg-m6jq

Vulnerability from github

Published

2022-05-01 23:57

Modified

2022-05-01 23:57

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-3170"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-07-14T23:41:00Z",
    "severity": "MODERATE"
  },
  "details": "Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session, aka \"Cross-Site Cooking,\" a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867.",
  "id": "GHSA-g3qc-wqfg-m6jq",
  "modified": "2022-05-01T23:57:21Z",
  "published": "2022-05-01T23:57:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3170"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43839"
    },
    {
      "type": "WEB",
      "url": "http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31128"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3338"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/30192"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1020539"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/3444"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

var-200807-0312

Vulnerability from variot

Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking," a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867. Apple Safari is prone to a vulnerability that allows attackers to set cookies for certain domain extensions. The browser does not have any security provisions to prevent cookies from being set for extensions with embedded dots. Attackers can leverage this issue to set cookies in a manner that could aid in other web-based attacks. Safari 3.1.2 is vulnerable; other versions may also be affected. Safari is the web browser bundled by default in the Apple family machine operating system. ----------------------------------------------------------------------

Want a new job?

http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/

International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/

TITLE: Apple Safari Cross-Domain Cookie Injection Vulnerability

SECUNIA ADVISORY ID: SA31128

VERIFY ADVISORY: http://secunia.com/advisories/31128/

CRITICAL: Less critical

IMPACT: Security Bypass

WHERE:

From remote

SOFTWARE: Safari 3.x http://secunia.com/product/17989/ Safari for Windows 3.x http://secunia.com/product/17978/

DESCRIPTION: A vulnerability has been discovered in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions. This can e.g. be exploited to fix a session by setting a known session ID in a cookie, which the browser sends to all web sites operating under an affected domain (e.g. co.uk, com.au).

The vulnerability is confirmed in Apple Safari for Windows 3.1.2.

SOLUTION: Do not browse untrusted web sites or follow untrusted links.

PROVIDED AND/OR DISCOVERED BY: kuza55

ORIGINAL ADVISORY: http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

                National Cyber Alert System

          Technical Cyber Security Alert TA08-350A

Apple Updates for Multiple Vulnerabilities

Original release date: December 15, 2008 Last revised: -- Source: US-CERT

Systems Affected

 * Apple Mac OS X versions prior to and including 10.4.11 (Tiger) and 10.5.5 (Leopard)
 * Apple Mac OS X Server versions prior to and including 10.4.11 (Tiger) and 10.5.5 (Leopard)

Overview

Apple has released Security Update 2008-008 and Mac OS X version 10.5.6 to correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X Server. Attackers could exploit these vulnerabilities to execute arbitrary code, gain access to sensitive information, or cause a denial of service.

I. Description

Apple Security Update 2008-008 and Apple Mac OS X version 10.5.6 address a number of vulnerabilities affecting Apple Mac OS X and Mac OS X Server versions prior to and including 10.4.11 and 10.5.5. The update also addresses vulnerabilities in other vendors' products that ship with Apple Mac OS X or Mac OS X Server.

II. Impact

The impacts of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, denial of service, or privilege escalation.

III. Solution

Install Apple Security Update 2008-008 or Apple Mac OS X version 10.5.6. These and other updates are available via Software Update or via Apple Downloads.

IV. References

Securing Your Web Browser - http://www.us-cert.gov/reading_room/securing_browser/
About the security content of Security Update 2008-008 / Mac OS X v10.5.6 - https://support.apple.com/kb/HT3338
Mac OS X: Updating your software - https://support.apple.com/kb/HT1338?viewlocale=en_US
Apple Downloads - http://support.apple.com/downloads/

The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA08-350A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA08-350A Feedback VU#901332" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2008 by US-CERT, a government organization.

 <http://www.us-cert.gov/legal.html>

Revision History

December 15, 2008: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSUbT5nIHljM+H4irAQLfMggAvH7VNoR3th5dBLhuq/f43ka1G5cecyAK g4gucF6+frxTfsVz2FGbawFdD/sAxAb/CnASFIkbuHItPwI526uy8MjXOmi/kYm2 ESZgD8U0OBtb2mqQRfhURz9sF97yVFhvHAZS3VOOCH85d1R6dr4ncxIWMGn2cgon Cjlll1WTx2BuMZO/AFn2UM7OooV9VVXtMht9D48X7i9bCWoU2W0mFSCHr+bJPE3d fI8v9+kyCQnjB3R9J+eGxmFClXl9PeMxOvsjPh/bQ8PpmAYMCH1Qp7vaSjjqSlVE ljRuyK8e6TIirse/RoK0YOwqBWudpgyJZvsV89ft9v55+a0l+2UlJw== =yvkk -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200807-0312",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "*"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.4.11"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5 to  v10.5.5"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.4.11"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5 to  v10.5.5"
      },
      {
        "model": "safari",
        "scope": null,
        "trust": 0.6,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.6"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.6"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "30192"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002210"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-230"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3170"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x_server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002210"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "kuza55",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-230"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-3170",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2008-3170",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-33295",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2008-3170",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2008-3170",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200807-230",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-33295",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33295"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002210"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-230"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3170"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session, aka \"Cross-Site Cooking,\" a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867. Apple Safari is prone to a vulnerability that allows attackers to set cookies for certain domain extensions. \nThe browser does not have any security provisions to prevent cookies from being set for extensions with embedded dots. Attackers can leverage this issue to set cookies in a manner that could aid in other web-based attacks. \nSafari 3.1.2 is vulnerable; other versions may also be affected. Safari is the web browser bundled by default in the Apple family machine operating system. ----------------------------------------------------------------------\n\nWant a new job?\n\nhttp://secunia.com/secunia_security_specialist/\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\nInternational Partner Manager - Project Sales in the IT-Security\nIndustry:\nhttp://corporate.secunia.com/about_secunia/64/\n\n----------------------------------------------------------------------\n\nTITLE:\nApple Safari Cross-Domain Cookie Injection Vulnerability\n\nSECUNIA ADVISORY ID:\nSA31128\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/31128/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nSafari 3.x\nhttp://secunia.com/product/17989/\nSafari for Windows 3.x\nhttp://secunia.com/product/17978/\n\nDESCRIPTION:\nA vulnerability has been discovered in Apple Safari, which can be\nexploited by malicious people to bypass certain security\nrestrictions. This can e.g. be\nexploited to fix a session by setting a known session ID in a cookie,\nwhich the browser sends to all web sites operating under an affected\ndomain (e.g. co.uk, com.au). \n\nThe vulnerability is confirmed in Apple Safari for Windows 3.1.2. \n\nSOLUTION:\nDo not browse untrusted web sites or follow untrusted links. \n\nPROVIDED AND/OR DISCOVERED BY:\nkuza55\n\nORIGINAL ADVISORY:\nhttp://kuza55.blogspot.com/2008/07/some-random-safari-notes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n                    National Cyber Alert System\n\n              Technical Cyber Security Alert TA08-350A\n\n\nApple Updates for Multiple Vulnerabilities\n\n   Original release date: December 15, 2008\n   Last revised: --\n   Source: US-CERT\n\n\nSystems Affected\n\n     * Apple Mac OS X versions prior to and including 10.4.11 (Tiger) and 10.5.5 (Leopard)\n     * Apple Mac OS X Server versions prior to and including 10.4.11 (Tiger) and 10.5.5 (Leopard)\n\n\nOverview\n\n   Apple has released Security Update 2008-008 and Mac OS X version\n   10.5.6 to correct multiple vulnerabilities affecting Apple Mac OS X\n   and Mac OS X Server. Attackers could exploit these vulnerabilities\n   to execute arbitrary code, gain access to sensitive information, or\n   cause a denial of service. \n\n\nI. Description\n\n   Apple Security Update 2008-008 and Apple Mac OS X version 10.5.6\n   address a number of vulnerabilities affecting Apple Mac OS X and\n   Mac OS X Server versions prior to and including 10.4.11 and 10.5.5. \n   The update also addresses vulnerabilities in other vendors\u0027\n   products that ship with Apple Mac OS X or Mac OS X Server. \n\n\nII. Impact\n\n   The impacts of these vulnerabilities vary. Potential consequences\n   include arbitrary code execution, sensitive information disclosure,\n   denial of service, or privilege escalation. \n\n\nIII. Solution\n\n   Install Apple Security Update 2008-008 or Apple Mac OS X version\n   10.5.6. These and other updates are available via Software Update\n   or via Apple Downloads. \n\n\nIV. References\n\n * Securing Your Web Browser -\n   \u003chttp://www.us-cert.gov/reading_room/securing_browser/\u003e\n\n * About the security content of Security Update 2008-008 / Mac OS X\n   v10.5.6 -\n   \u003chttps://support.apple.com/kb/HT3338\u003e\n\n * Mac OS X: Updating your software -\n   \u003chttps://support.apple.com/kb/HT1338?viewlocale=en_US\u003e\n\n * Apple Downloads - \u003chttp://support.apple.com/downloads/\u003e\n\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA08-350A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA08-350A Feedback VU#901332\" in\n   the subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2008 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n  \n  December 15, 2008: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSUbT5nIHljM+H4irAQLfMggAvH7VNoR3th5dBLhuq/f43ka1G5cecyAK\ng4gucF6+frxTfsVz2FGbawFdD/sAxAb/CnASFIkbuHItPwI526uy8MjXOmi/kYm2\nESZgD8U0OBtb2mqQRfhURz9sF97yVFhvHAZS3VOOCH85d1R6dr4ncxIWMGn2cgon\nCjlll1WTx2BuMZO/AFn2UM7OooV9VVXtMht9D48X7i9bCWoU2W0mFSCHr+bJPE3d\nfI8v9+kyCQnjB3R9J+eGxmFClXl9PeMxOvsjPh/bQ8PpmAYMCH1Qp7vaSjjqSlVE\nljRuyK8e6TIirse/RoK0YOwqBWudpgyJZvsV89ft9v55+a0l+2UlJw==\n=yvkk\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-3170"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002210"
      },
      {
        "db": "BID",
        "id": "30192"
      },
      {
        "db": "VULHUB",
        "id": "VHN-33295"
      },
      {
        "db": "PACKETSTORM",
        "id": "68437"
      },
      {
        "db": "PACKETSTORM",
        "id": "73037"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "30192",
        "trust": 2.8
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3170",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "31128",
        "trust": 2.6
      },
      {
        "db": "USCERT",
        "id": "TA08-350A",
        "trust": 2.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-3444",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1020539",
        "trust": 2.5
      },
      {
        "db": "XF",
        "id": "43839",
        "trust": 1.4
      },
      {
        "db": "USCERT",
        "id": "SA08-350A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002210",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-230",
        "trust": 0.7
      },
      {
        "db": "MISC",
        "id": "HTTP://KUZA55.BLOGSPOT.COM/2008/07/SOME-RANDOM-SAFARI-NOTES.HTML",
        "trust": 0.6
      },
      {
        "db": "CERT/CC",
        "id": "TA08-350A",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2008-12-15",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-33295",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "68437",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "73037",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33295"
      },
      {
        "db": "BID",
        "id": "30192"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002210"
      },
      {
        "db": "PACKETSTORM",
        "id": "68437"
      },
      {
        "db": "PACKETSTORM",
        "id": "73037"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-230"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3170"
      }
    ]
  },
  "id": "VAR-200807-0312",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33295"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:28:33.778000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT3338",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT3338"
      },
      {
        "title": "HT3338",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT3338?viewlocale=ja_JP"
      },
      {
        "title": "TA08-350A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta08-350a.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002210"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33295"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002210"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3170"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/30192"
      },
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/cas/techalerts/ta08-350a.html"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/31128"
      },
      {
        "trust": 2.1,
        "url": "http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.vupen.com/english/advisories/2008/3444"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce//2008//dec/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://support.apple.com/kb/ht3338"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1020539"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/43839"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43839"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3170"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta08-350a/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta08-350a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3170"
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1020539"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa08-350a.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2008/3444"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/safari/"
      },
      {
        "trust": 0.3,
        "url": "http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_specialist/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/31128/"
      },
      {
        "trust": 0.1,
        "url": "http://corporate.secunia.com/about_secunia/64/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/17978/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/17989/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht3338\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht1338?viewlocale=en_us\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta08-350a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/downloads/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/reading_room/securing_browser/\u003e"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33295"
      },
      {
        "db": "BID",
        "id": "30192"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002210"
      },
      {
        "db": "PACKETSTORM",
        "id": "68437"
      },
      {
        "db": "PACKETSTORM",
        "id": "73037"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-230"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3170"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-33295"
      },
      {
        "db": "BID",
        "id": "30192"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002210"
      },
      {
        "db": "PACKETSTORM",
        "id": "68437"
      },
      {
        "db": "PACKETSTORM",
        "id": "73037"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-230"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3170"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-07-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-33295"
      },
      {
        "date": "2008-07-12T00:00:00",
        "db": "BID",
        "id": "30192"
      },
      {
        "date": "2009-01-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-002210"
      },
      {
        "date": "2008-07-23T22:36:39",
        "db": "PACKETSTORM",
        "id": "68437"
      },
      {
        "date": "2008-12-16T00:25:46",
        "db": "PACKETSTORM",
        "id": "73037"
      },
      {
        "date": "2008-07-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200807-230"
      },
      {
        "date": "2008-07-14T23:41:00",
        "db": "NVD",
        "id": "CVE-2008-3170"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-33295"
      },
      {
        "date": "2008-12-17T20:11:00",
        "db": "BID",
        "id": "30192"
      },
      {
        "date": "2009-01-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-002210"
      },
      {
        "date": "2009-01-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200807-230"
      },
      {
        "date": "2024-11-21T00:48:37.037000",
        "db": "NVD",
        "id": "CVE-2008-3170"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-230"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Safari In  HTTP Session hijack vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002210"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-230"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2008-3170 (GCVE-0-2008-3170)

Vulnerability from cvelistv5

gsd-2008-3170

Vulnerability from gsd

CERTA-2008-AVI-603

Vulnerability from certfr_avis

Solution

fkie_cve-2008-3170

Vulnerability from fkie_nvd

ghsa-g3qc-wqfg-m6jq

Vulnerability from github

var-200807-0312

Vulnerability from variot

Tags

Sightings

Nomenclature