CVE-2007-0478 (GCVE-0-2007-0478)

Vulnerability from cvelistv5

Published

2007-01-25 00:00

Modified

2024-08-07 12:19

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

ghsa-8vcm-pr88-gpf9

Vulnerability from github

Published

2022-05-01 17:44

Modified

2022-05-01 17:44

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-0478"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-01-25T00:28:00Z",
    "severity": "MODERATE"
  },
  "details": "WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.",
  "id": "GHSA-8vcm-pr88-gpf9",
  "modified": "2022-05-01T17:44:36Z",
  "published": "2022-05-01T17:44:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0478"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31846"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=306172"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/32712"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23893"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26235"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1018494"
    },
    {
      "type": "WEB",
      "url": "http://www.beanfuzz.com/wordpress/?p=99"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/457763/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/25159"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2732"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2007-0478

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-0478

Aliases

CVE-2007-0478

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-0478",
    "description": "WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.",
    "id": "GSD-2007-0478",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-0478.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-0478"
      ],
      "details": "WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.",
      "id": "GSD-2007-0478",
      "modified": "2023-12-13T01:21:35.390742Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-0478",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2007-2732",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2732"
          },
          {
            "name": "23893",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/23893"
          },
          {
            "name": "20070123 Safari Improperly Parses HTML Documents \u0026 BlogSpot XSS vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/457763/100/0/threaded"
          },
          {
            "name": "APPLE-SA-2007-07-31",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
          },
          {
            "name": "32712",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/32712"
          },
          {
            "name": "1018494",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1018494"
          },
          {
            "name": "http://www.beanfuzz.com/wordpress/?p=99",
            "refsource": "MISC",
            "url": "http://www.beanfuzz.com/wordpress/?p=99"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=306172",
            "refsource": "CONFIRM",
            "url": "http://docs.info.apple.com/article.html?artnum=306172"
          },
          {
            "name": "25159",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/25159"
          },
          {
            "name": "safari-html-comment-xss(31846)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31846"
          },
          {
            "name": "26235",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26235"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:webcore:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0478"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.beanfuzz.com/wordpress/?p=99",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.beanfuzz.com/wordpress/?p=99"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=306172",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://docs.info.apple.com/article.html?artnum=306172"
            },
            {
              "name": "APPLE-SA-2007-07-31",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
            },
            {
              "name": "25159",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/25159"
            },
            {
              "name": "1018494",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1018494"
            },
            {
              "name": "23893",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/23893"
            },
            {
              "name": "26235",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26235"
            },
            {
              "name": "32712",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/32712"
            },
            {
              "name": "ADV-2007-2732",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2732"
            },
            {
              "name": "safari-html-comment-xss(31846)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31846"
            },
            {
              "name": "20070123 Safari Improperly Parses HTML Documents \u0026 BlogSpot XSS vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/457763/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-16T16:32Z",
      "publishedDate": "2007-01-25T00:28Z"
    }
  }
}

Plusieurs vulnérabilités ont été identifiées : elles concernent le système d'exploitation Mac OS X. L'exploitation de ces dernières peut avoir des conséquences variées, comme l'exécution de code arbitraire, ou un dysfonctionnement du système vulnérable.

Description

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Mac OS X. Parmi celles-ci :

bzip2 : un nom d'archive malicieusement formé permet l'exécution de code arbitraire à distance ;
CFNetwork : un clic sur une addresse malicieusement formée permet l'exécution de commandes FTP arbitraires à distance ;
CoreAudio : une page Web malicieusement créée permet à l'aide d'une applet Java d'exécuter du code arbitraire à distance;
cscope : des vulnérabilités concernant un dépassement de mémoire et la création de fichiers temporaires dangereux ont été corrigées ;
gnuzip : un nom d'archive malicieusement formé permet l'exécution de code arbitraire à distance ;
iChat : un dépassement de mémoire permet de provoquer un déni de service à distance ou l'exécution de code arbitraire à distance au sein d'un même sous réseau ;
Kerberos : des vulnérabilités pouvant provoquer un déni de service ou l'exécution de code arbitraire à distance ont été corrigées ;
mDNSResponder : un dépassement de mémoire permet de provoquer un déni de service à distance ou l'exécution de code arbitraire à distance au sein d'un même sous réseau ;
PDFKit : l'ouverture d'un document malicieusement créé permet un déni de service de l'application ou l'exécution de code arbitraire ;
PHP : plusieurs vulnérabilités touchant PHP 4.4.4 ont été corrigées ;
Quartz Composer : l'ouverture d'un fichier Quartz malicieusement créé permet un déni de service de l'application ou l'exécution de code arbitraire ;
Samba : lorsque le partage de fichiers Windows est activé, un utilisateur non authentifié peut, à distance, provoquer un déni de service, exécuter du code ou des commandes arbitraires et contourner la politique de sécurité ;
SquirrelMail : plusieurs vulnérabilités dont au moins une permettant une attaque de type cross-site scripting ont été corrigées ;
Tomcat : plusieurs vulnérabilités dont certaines permettant des attaques de type cross-site scripting et l'atteinte à la confidentialité des données ont été corrigées ;
WebCore : des vulnérabilités permettant l'exécution d'applets Java alors que celui-ci est désactivé et permettant la réalisation d'attaques de type cross-site scripting ont été corrigées ;
WebKit : l'ouverture d'une page Web malicieusement créée permet l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple Mac OS X Server v10.3.9 ;
Apple	N/A	Apple Mac OS X Server v10.4.10.
Apple	N/A	Apple Mac OS X v10.4.10 ;
Apple	N/A	Apple Mac OS X v10.3.9 ;

References

Title

Publication Time

fkie_cve-2007-0478

Vulnerability from fkie_nvd

Published

2007-01-25 00:28

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=306172
cve@mitre.org	http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
cve@mitre.org	http://osvdb.org/32712
cve@mitre.org	http://secunia.com/advisories/23893	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/26235	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1018494
cve@mitre.org	http://www.beanfuzz.com/wordpress/?p=99
cve@mitre.org	http://www.securityfocus.com/archive/1/457763/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/25159
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2732
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/31846
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=306172
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/32712
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23893	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26235	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1018494
af854a3a-2127-422b-91ae-364da2661108	http://www.beanfuzz.com/wordpress/?p=99
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/457763/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25159
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2732
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/31846

Impacted products

Vendor	Product	Version
apple	mac_os_x	10.3.9
apple	mac_os_x	10.4.10
apple	safari	*
apple	webcore	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6931D5-DE7E-41F6-ADDC-AB5A8A167F69",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D089858-3AF9-4B82-912D-AA33F25E3715",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE370CAA-04B3-434E-BD5B-1D87DE596C10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:webcore:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "918442A6-677E-47A1-BD22-F0E9FF1E0048",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment."
    },
    {
      "lang": "es",
      "value": "En WebCore en Apple Mac OS X versiones 10.3.9 y 10.4.10, tal como es usado en Safari, no analiza de forma apropiada los comentarios HTML en elementos TITLE, lo que permite a los atacantes remotos conducir ataques de tipo Cross-Site Scripting (XSS) y omitir algunos esquemas de protecci\u00f3n XSS insertando ciertas etiquetas HTML dentro de un comentario HTML."
    }
  ],
  "id": "CVE-2007-0478",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-01-25T00:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://docs.info.apple.com/article.html?artnum=306172"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/32712"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23893"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26235"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1018494"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.beanfuzz.com/wordpress/?p=99"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/457763/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/25159"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2732"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31846"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=306172"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/32712"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23893"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26235"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1018494"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.beanfuzz.com/wordpress/?p=99"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/457763/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2732"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31846"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

var-200701-0407

Vulnerability from variot

WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment. Konquerer is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data. Exploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks. All versions of KDE up to and including KDE 3.5.6 are vulnerable to this issue. Apple Safari web browser is also vulnerable to this issue. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. Apple Mac OS X 10.4.10 and prior versions are vulnerable to these issues.

BETA test the new Secunia Personal Software Inspector!

The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors.

Download the free PSI BETA from the Secunia website: https://psi.secunia.com/

TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA26235

VERIFY ADVISORY: http://secunia.com/advisories/26235/

CRITICAL: Highly critical

IMPACT: Security Bypass, Cross Site Scripting, Spoofing, Manipulation of data, Exposure of sensitive information, Privilege escalation, DoS, System access

WHERE:

From remote

OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/

DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

1) An error within the handling of FTP URIs in CFNetwork can be exploited to run arbitrary FTP commands in context of the user's FTP client, when a user is enticed to click on a specially crafted FTP URI.

2) An input validation error can cause applications using CFNetwork to become vulnerable to HTTP response splitting attacks.

3) A design error exists in the Java interface to CoreAudio, which can be exploited to free arbitrary memory, when a user is enticed to visit a web site containing a specially crafted Java applet.

4) An unspecified error exists in the Java interface to CoreAudio, which can be exploited to read or write out of bounds of the allocated heap by enticing a user to visit a web site containing a specially crafted Java applet.

5) A unspecified error exists in the Java interface to CoreAudio, which can be exploited to instantiate or manipulate objects outside the bounds of the allocated heap, when a user is enticed to visit a web site containing a specially crafted Java applet.

Successful exploitation of vulnerabilities #3 to #5 may allow arbitrary code execution.

For more information: SA13237

7) A boundary error within the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code in iChat can be exploited on the local network to crash the application or to execute arbitrary code, by sending a specially crafted packet.

8) Some vulnerabilities in Kerberos can be exploited by malicious users and malicious people to compromise a vulnerable system.

For more information: SA25800

9) An error within the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code in mDNSResponder can be exploited on the local network to crash the application or to execute arbitrary code, by sending a specially crafted packet.

10) An integer underflow exists in PDFKit within the handling of PDF files in Preview and may be exploited to execute arbitrary code when a user opens a specially crafted PDF file.

11) Multiple vulnerabilities exist in PHP, which can be exploited to disclose potentially sensitive information, to cause a DoS (Denial of Service), to bypass certain security restrictions, to conduct cross-site scripting attacks, or to compromise a vulnerable system.

For more information: SA24814 SA24356 SA24440 SA24505 SA24542 SA25123

12) An error exists in Quartz Composer due to an uninitialized object pointer when handling Quartz Composer files and may be exploited to execute arbitrary code when a specially crafted Quartz Composer file is viewed.

13) Some vulnerabilities exist in Samba, which can be exploited by malicious people to compromise a vulnerable system.

For more information: SA25232

14) An unspecified error in Samba can be exploited to bypass file system quotas.

15) Some vulnerabilities in Squirrelmail can be exploited by malicious people to disclose and manipulate certain sensitive information or to conduct cross-site scripting, cross-site request forgery, and script insertion attacks.

For more information: SA16987 SA20406 SA21354 SA23195 SA25200

16) Some vulnerabilities in Apache Tomcat can be exploited by malicious people to conduct cross-site scripting attacks or to bypass certain security restrictions.

For more information: SA24732 SA25383 SA25721

17) An error in WebCore can be exploited to load Java applets even when Java is disabled in the preferences.

18) An error in WebCore can be exploited to conduct cross-site scripting attacks.

For more information see vulnerability #1 in: SA23893

19) An error in WebCore can be exploited by malicious people to gain knowledge of sensitive information.

For more information see vulnerability #2 in: SA23893

20) An error in WebCore when handling properties of certain global objects can be exploited to conduct cross-site scripting attacks when navigating to a new URL with Safari.

21) An error in WebKit within in the handling of International Domain Name (IDN) support and Unicode fonts embedded in Safari can be exploited to spoof a URL.

This is similar to: SA14164

22) A boundary error in the Perl Compatible Regular Expressions (PCRE) library in WebKit and used by the JavaScript engine in Safari can be exploited to cause a heap-based buffer overflow when a user visits a malicious web page.

23) Input validation errors exists in bzgrep and zgrep.

For more information: SA15047

SOLUTION: Apply Security Update 2007-007.

Security Update 2007-007 (10.4.10 Server Universal): http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html

Security Update 2007-007 (10.4.10 Universal): http://www.apple.com/support/downloads/securityupdate200700710410universal.html

Security Update 2007-007 (10.4.10 Server PPC): http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html

Security Update 2007-007 (10.4.10 PPC): http://www.apple.com/support/downloads/securityupdate200700710410ppc.html

Security Update 2007-007 (10.3.9 Server): http://www.apple.com/support/downloads/securityupdate20070071039server.html

Security Update 2007-007 (10.3.9): http://www.apple.com/support/downloads/securityupdate20070071039.html

PROVIDED AND/OR DISCOVERED BY: 2) The vendor credits Steven Kramer, sprintteam.nl. 14) The vendor credits Mike Matz, Wyomissing Area School District. 17) The vendor credits Scott Wilde. 19) Secunia Research 22) The vendor credits Charlie Miller and Jake Honoroff of Independent Security Evaluators.

ORIGINAL ADVISORY: http://docs.info.apple.com/article.html?artnum=306172

OTHER REFERENCES: SA13237: http://secunia.com/advisories/13237/

SA15047: http://secunia.com/advisories/15047/

SA16987: http://secunia.com/advisories/16987/

SA20406: http://secunia.com/advisories/20406/

SA21354: http://secunia.com/advisories/21354/

SA22588: http://secunia.com/advisories/22588/

SA23195: http://secunia.com/advisories/23195/

SA23893: http://secunia.com/advisories/23893/

SA24814: http://secunia.com/advisories/24814/

SA24356: http://secunia.com/advisories/24356/

SA24440: http://secunia.com/advisories/24440/

SA24505: http://secunia.com/advisories/24505/

SA24542: http://secunia.com/advisories/24542/

SA24732: http://secunia.com/advisories/24732/

SA25800: http://secunia.com/advisories/25800/

SA25123: http://secunia.com/advisories/25123/

SA25200: http://secunia.com/advisories/25200/

SA25232: http://secunia.com/advisories/25232/

SA25383: http://secunia.com/advisories/25383/

SA25721: http://secunia.com/advisories/25721/

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Secunia is proud to announce the availability of the Secunia Software Inspector.

Try it out online: http://secunia.com/software_inspector/

TITLE: Safari HTML Parsing Weakness

SECUNIA ADVISORY ID: SA23893

VERIFY ADVISORY: http://secunia.com/advisories/23893/

CRITICAL: Not critical

IMPACT: Cross Site Scripting

WHERE:

From remote

SOFTWARE: Safari 2.x http://secunia.com/product/5289/

DESCRIPTION: Jose Avila III has discovered a weakness in Safari, which can potentially be exploited by malicious people to conduct cross-site scripting attacks.

The weakness is caused due to an error in the parsing of comments within certain tags of an HTML document. Arbitrary HTML and script code in a comment tag is executed in a user's browser session when preceded by the corresponding closing tag (e.g. the title tag).

Successful exploitation is possible on web sites that allow users to insert unsanitised HTML and script code within a comment into such a tag.

The weakness is confirmed in Safari 2.0.4. Other versions may also be affected.

SOLUTION: Do not browse untrusted sites. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200703-10

                                        http://security.gentoo.org/

Severity: Low Title: KHTML: Cross-site scripting (XSS) vulnerability Date: March 10, 2007 Bugs: #165606 ID: 200703-10

Synopsis

The KHTML component shipped with the KDE libraries is prone to a cross-site scripting (XSS) vulnerability.

Background

KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. KHTML is the HTML interpreter used in Konqueror and other parts of KDE.

Affected packages

-------------------------------------------------------------------
 Package           /  Vulnerable  /                     Unaffected
-------------------------------------------------------------------

1 kde-base/kdelibs < 3.5.5-r8 >= 3.5.5-r8

Description

The KHTML code allows for the execution of JavaScript code located inside the "Title" HTML element, a related issue to the Safari error found by Jose Avila.

Impact

When viewing a HTML page that renders unsanitized attacker-supplied input in the page title, Konqueror and other parts of KDE will execute arbitrary JavaScript code contained in the page title, allowing for the theft of browser session data or cookies.

Workaround

There is no known workaround at this time.

Resolution

All KDElibs users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kdelibs-3.5.5-r8"

References

[ 1 ] CVE-2007-0537 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0537 [ 2 ] CVE-2007-0478 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0478

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200703-10.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 .

Updated packages have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0537

Updated Packages:

Mandriva Linux 2007.0: 7882590402c82ff347205c176380153e 2007.0/i586/kdelibs-common-3.5.4-19.2mdv2007.0.i586.rpm 01c4eb64ef06a8a8759843be0c07a920 2007.0/i586/kdelibs-devel-doc-3.5.4-19.2mdv2007.0.i586.rpm e63e9a2d3a07d3f2cfa20e495a5b1010 2007.0/i586/libkdecore4-3.5.4-19.2mdv2007.0.i586.rpm 1ad276143d78de84b08606a815eecda9 2007.0/i586/libkdecore4-devel-3.5.4-19.2mdv2007.0.i586.rpm 34ee09ad1644f5685f6ebb6e7e214939 2007.0/SRPMS/kdelibs-3.5.4-19.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64: 081d768881b4f012e75854738189327d 2007.0/x86_64/kdelibs-common-3.5.4-19.2mdv2007.0.x86_64.rpm 051e3625e87627e52c47590961523b51 2007.0/x86_64/kdelibs-devel-doc-3.5.4-19.2mdv2007.0.x86_64.rpm 6a2b0171144925bd21073553816f33b1 2007.0/x86_64/lib64kdecore4-3.5.4-19.2mdv2007.0.x86_64.rpm ae2202556fccf0bb820ed3e8401825ec 2007.0/x86_64/lib64kdecore4-devel-3.5.4-19.2mdv2007.0.x86_64.rpm 34ee09ad1644f5685f6ebb6e7e214939 2007.0/SRPMS/kdelibs-3.5.4-19.2mdv2007.0.src.rpm

Corporate 3.0: 6afd1be3e42d77e131e44f9ed969c80e corporate/3.0/i586/kdelibs-common-3.2-36.17.C30mdk.i586.rpm c00a10231de66159fecb2106e56ec1ca corporate/3.0/i586/libkdecore4-3.2-36.17.C30mdk.i586.rpm 733852a68f994ace4eb35017342443fb corporate/3.0/i586/libkdecore4-devel-3.2-36.17.C30mdk.i586.rpm 4d4c9fee93b93f2c76f5092ff5ef23f3 corporate/3.0/SRPMS/kdelibs-3.2-36.17.C30mdk.src.rpm

Corporate 3.0/X86_64: 418170a92387d41c49f3d32c91c97c9b corporate/3.0/x86_64/kdelibs-common-3.2-36.17.C30mdk.x86_64.rpm 590e047f677eb717c40a9e2fd77590e8 corporate/3.0/x86_64/lib64kdecore4-3.2-36.17.C30mdk.x86_64.rpm ec04fe80ee4a983e1ad98f54d75681af corporate/3.0/x86_64/lib64kdecore4-devel-3.2-36.17.C30mdk.x86_64.rpm 4d4c9fee93b93f2c76f5092ff5ef23f3 corporate/3.0/SRPMS/kdelibs-3.2-36.17.C30mdk.src.rpm

Corporate 4.0: 2dc94e4e225b74d3f2e283b04c836273 corporate/4.0/i586/kdelibs-arts-3.5.4-2.3.20060mlcs4.i586.rpm 826d76e2f3d50f48513ed18c4360dd67 corporate/4.0/i586/kdelibs-common-3.5.4-2.3.20060mlcs4.i586.rpm f7dad3711d9406d1123428f2c0cd9453 corporate/4.0/i586/kdelibs-devel-doc-3.5.4-2.3.20060mlcs4.i586.rpm 88f0164705a9d71f21c3c4edfe7822b2 corporate/4.0/i586/libkdecore4-3.5.4-2.3.20060mlcs4.i586.rpm e00f9222203a3c51a747a694e3ab32c7 corporate/4.0/i586/libkdecore4-devel-3.5.4-2.3.20060mlcs4.i586.rpm 79690e9ab56836b4adc7a4d59bb872db corporate/4.0/SRPMS/kdelibs-3.5.4-2.3.20060mlcs4.src.rpm

Corporate 4.0/X86_64: 88d9b2f945bd62aa89b5f7743320cc0a corporate/4.0/x86_64/kdelibs-arts-3.5.4-2.3.20060mlcs4.x86_64.rpm c1e462eaeb2127939d0d3775fb7a04a4 corporate/4.0/x86_64/kdelibs-common-3.5.4-2.3.20060mlcs4.x86_64.rpm a559376fde6f8513904010fc377293e7 corporate/4.0/x86_64/kdelibs-devel-doc-3.5.4-2.3.20060mlcs4.x86_64.rpm d97e4c4dd9859b6e43f3399e3e2c5fa1 corporate/4.0/x86_64/lib64kdecore4-3.5.4-2.3.20060mlcs4.x86_64.rpm f3e43bca041aeca542bba33a0bac1d43 corporate/4.0/x86_64/lib64kdecore4-devel-3.5.4-2.3.20060mlcs4.x86_64.rpm 79690e9ab56836b4adc7a4d59bb872db corporate/4.0/SRPMS/kdelibs-3.5.4-2.3.20060mlcs4.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFw5r6mqjQ0CJFipgRAnJ4AJ9RqADSMDbkaQkcR9ZPi2ArjF9rtACgrhPc 7PYBsjk/ZTsogFdYFeWPWdc= =r0d9 -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200701-0407",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "*"
      },
      {
        "model": "webcore",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "*"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.3.9 and  10.4.10"
      },
      {
        "model": "safari",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "webcore",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.9"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.4.10"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.3.9"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "5.10"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.10"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0.0x64"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "fuji",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "f...",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10"
      },
      {
        "model": "home",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "fuji",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "0"
      },
      {
        "model": "linux enterprise server sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "linux enterprise server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux enterprise sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "linux enterprise sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux professional x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10.2"
      },
      {
        "model": "linux personal x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10.2"
      },
      {
        "model": "unitedlinux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "suse linux standard server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "suse linux school server for i386",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "suse linux retail solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "8.0"
      },
      {
        "model": "suse linux openexchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.0"
      },
      {
        "model": "suse linux open-xchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "4.1"
      },
      {
        "model": "suse core for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9x86"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.2"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "office server",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "linux professional oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.2"
      },
      {
        "model": "linux professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "linux personal oss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.2"
      },
      {
        "model": "linux personal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "linux openexchange server",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "linux office server",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "linux enterprise server for s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "linux enterprise server for s/390",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "1.0"
      },
      {
        "model": "linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10"
      },
      {
        "model": "linux database server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1x86-64"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1x86"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0x86-64"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0x86"
      },
      {
        "model": "linux ppc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pardus",
        "version": "2007.1"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.1"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "libkhtml",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "4.2"
      },
      {
        "model": "konqueror",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.5.2"
      },
      {
        "model": "konqueror",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.5.1"
      },
      {
        "model": "konqueror",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.3.2"
      },
      {
        "model": "konqueror",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.3.1"
      },
      {
        "model": "konqueror",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.3"
      },
      {
        "model": "konqueror",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.2.3"
      },
      {
        "model": "konqueror",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.2.2-6"
      },
      {
        "model": "konqueror",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.2.1"
      },
      {
        "model": "konqueror",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.1.5"
      },
      {
        "model": "konqueror",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.1.4"
      },
      {
        "model": "konqueror",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.1.3"
      },
      {
        "model": "konqueror",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.1.2"
      },
      {
        "model": "konqueror",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.1.1"
      },
      {
        "model": "konqueror",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.1"
      },
      {
        "model": "konqueror b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.0.5"
      },
      {
        "model": "konqueror",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.0.5"
      },
      {
        "model": "konqueror",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.0.3"
      },
      {
        "model": "konqueror",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.0.2"
      },
      {
        "model": "konqueror",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.0.1"
      },
      {
        "model": "konqueror",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.0"
      },
      {
        "model": "konqueror",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "2.2.2"
      },
      {
        "model": "konqueror",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "2.2.1"
      },
      {
        "model": "konqueror",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "2.1.2"
      },
      {
        "model": "konqueror",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "2.1.1"
      },
      {
        "model": "kdelibs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.5.4"
      },
      {
        "model": "kdelibs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.5.2"
      },
      {
        "model": "kdelibs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.4.3"
      },
      {
        "model": "kdelibs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.4.2"
      },
      {
        "model": "kdelibs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.4"
      },
      {
        "model": "kdelibs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.3.2"
      },
      {
        "model": "kdelibs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.3.1"
      },
      {
        "model": "kdelibs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.3"
      },
      {
        "model": "kdelibs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.2.2"
      },
      {
        "model": "kdelibs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.2.1"
      },
      {
        "model": "kdelibs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.2"
      },
      {
        "model": "kdelibs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.1.5"
      },
      {
        "model": "kdelibs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.1.4"
      },
      {
        "model": "kdelibs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.1.3"
      },
      {
        "model": "kdelibs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.1.2"
      },
      {
        "model": "kdelibs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.1.1"
      },
      {
        "model": "kdelibs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.1"
      },
      {
        "model": "kdelibs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.0"
      },
      {
        "model": "kdelibs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "2.1.2"
      },
      {
        "model": "kdelibs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "2.1.1"
      },
      {
        "model": "kdelibs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "2.1"
      },
      {
        "model": "kdelibs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "2.0.1"
      },
      {
        "model": "kdelibs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "2.0"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.5.6"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.5.5"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.5.4"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.5.3"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.5.2"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.5.1"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.5"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.4.3"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.4.2"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.4.1"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.4"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.3.2"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.3.1"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.3"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.2.3"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.2.2"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.2.1"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.2"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.1.5"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.1.4"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.1.3"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.1.2"
      },
      {
        "model": "a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.1.1"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.1.1"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.1"
      },
      {
        "model": "b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.0.5"
      },
      {
        "model": "a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.0.5"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.0.5"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.0.4"
      },
      {
        "model": "a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.0.3"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.0.3"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.0.2"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.0.1"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.0"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "2.2.2"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "2.2.1"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "2.2"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "2.1.2"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "2.1.1"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "2.1"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "2.0.1"
      },
      {
        "model": "beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "2.0"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "2.0"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "1.2"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "1.1.2"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "1.1.1"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kde",
        "version": "1.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "safari rss pre-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2"
      },
      {
        "model": "mobile safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "interstage studio standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.1"
      },
      {
        "model": "interstage studio enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.1"
      },
      {
        "model": "interstage job workload server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.1"
      },
      {
        "model": "interstage business application server enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.0"
      },
      {
        "model": "interstage apworks modelers-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0"
      },
      {
        "model": "interstage apworks modelers-j edition 6.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage apworks modelers-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "6.0"
      },
      {
        "model": "interstage application server web-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "5.0"
      },
      {
        "model": "interstage application server web-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "4.0"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.2"
      },
      {
        "model": "interstage application server standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0"
      },
      {
        "model": "interstage application server standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "5.0"
      },
      {
        "model": "interstage application server standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "4.0"
      },
      {
        "model": "interstage application server standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "3.0"
      },
      {
        "model": "interstage application server plus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.2"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0.1"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "5.0.1"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "6.0"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "5.0"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "4.0"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "3.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "22428"
      },
      {
        "db": "BID",
        "id": "23020"
      },
      {
        "db": "BID",
        "id": "25159"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001442"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-420"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0478"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:safari",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:webcore",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001442"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-420"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-0478",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2007-0478",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-23840",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-0478",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2007-0478",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200701-420",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-23840",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-23840"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001442"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-420"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0478"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment. Konquerer is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data. \nExploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks. \nAll versions of KDE up to and including KDE 3.5.6 are vulnerable to this issue. Apple Safari web browser is also vulnerable to this issue. Apple Mac OS X is prone to multiple security vulnerabilities. \nThese issues affect Mac OS X and various applications, including CFNetwork, CoreAudio, iChat, mDNSResponder, PDFKit, Quartz Composer, Samba, and WebCore. \nAttackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. \nApple Mac OS X 10.4.10 and prior versions are vulnerable to these issues. \n\n----------------------------------------------------------------------\n\nBETA test the new Secunia Personal Software Inspector!\n\nThe Secunia PSI detects installed software on your computer and\ncategorises it as either Insecure, End-of-Life, or Up-To-Date. \nEffectively enabling you to focus your attention on software\ninstallations where more secure versions are available from the\nvendors. \n\nDownload the free PSI BETA from the Secunia website:\nhttps://psi.secunia.com/\n\n----------------------------------------------------------------------\n\nTITLE:\nMac OS X Security Update Fixes Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA26235\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26235/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSecurity Bypass, Cross Site Scripting, Spoofing, Manipulation of\ndata, Exposure of sensitive information, Privilege escalation, DoS,\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nApple Macintosh OS X\nhttp://secunia.com/product/96/\n\nDESCRIPTION:\nApple has issued a security update for Mac OS X, which fixes multiple\nvulnerabilities. \n\n1) An error within the handling of FTP URIs in CFNetwork can be\nexploited to run arbitrary FTP commands in context of the user\u0027s FTP\nclient, when a user is enticed to click on a specially crafted FTP\nURI. \n\n2) An input validation error can cause applications using CFNetwork\nto become vulnerable to HTTP response splitting attacks. \n\n3) A design error exists in the Java interface to CoreAudio, which\ncan be exploited to free arbitrary memory, when a user is enticed to\nvisit a web site containing a specially crafted Java applet. \n\n4) An unspecified error exists in the Java interface to CoreAudio,\nwhich can be exploited to read or write out of bounds of the\nallocated heap by enticing a user to visit a web site containing a\nspecially crafted Java applet. \n\n5) A unspecified error exists in the Java interface to CoreAudio,\nwhich can be exploited to instantiate or manipulate objects outside\nthe bounds of the allocated heap, when a user is enticed to visit a\nweb site containing a specially crafted Java applet. \n\nSuccessful exploitation of vulnerabilities #3 to #5 may allow\narbitrary code execution. \n\nFor more information:\nSA13237\n\n7) A boundary error within the UPnP IGD (Internet Gateway Device\nStandardized Device Control Protocol) code in iChat can be exploited\non the local network to crash the application or to execute arbitrary\ncode, by sending a specially crafted packet. \n\n8) Some vulnerabilities in Kerberos can be exploited by malicious\nusers and malicious people to compromise a vulnerable system. \n\nFor more information:\nSA25800\n\n9) An error within the UPnP IGD (Internet Gateway Device Standardized\nDevice Control Protocol) code in mDNSResponder can be exploited on the\nlocal network to crash the application or to execute arbitrary code,\nby sending a specially crafted packet. \n\n10) An integer underflow exists in PDFKit within the handling of PDF\nfiles in Preview and may be exploited to execute arbitrary code when\na user opens a specially crafted PDF file. \n\n11) Multiple vulnerabilities exist in PHP, which can be exploited to\ndisclose potentially sensitive information, to cause a DoS (Denial of\nService), to bypass certain security restrictions, to conduct\ncross-site scripting attacks, or to compromise a vulnerable system. \n\nFor more information:\nSA24814\nSA24356\nSA24440\nSA24505\nSA24542\nSA25123\n\n12) An error exists in Quartz Composer due to an uninitialized object\npointer when handling Quartz Composer files and may be exploited to\nexecute arbitrary code when a specially crafted Quartz Composer file\nis viewed. \n\n13) Some vulnerabilities exist in Samba, which can be exploited by\nmalicious people to compromise a vulnerable system. \n\nFor more information:\nSA25232\n\n14) An unspecified error in Samba can be exploited to bypass file\nsystem quotas. \n\n15) Some vulnerabilities in Squirrelmail can be exploited by\nmalicious people to disclose and manipulate certain sensitive\ninformation or to conduct cross-site scripting, cross-site request\nforgery, and script insertion attacks. \n\nFor more information:\nSA16987\nSA20406\nSA21354\nSA23195\nSA25200\n\n16) Some vulnerabilities in Apache Tomcat can be exploited by\nmalicious people to conduct cross-site scripting attacks or to bypass\ncertain security restrictions. \n\nFor more information:\nSA24732\nSA25383\nSA25721\n\n17) An error in WebCore can be exploited to load Java applets even\nwhen Java is disabled in the preferences. \n\n18) An error in WebCore can be exploited to conduct cross-site\nscripting attacks. \n\nFor more information see vulnerability #1 in:\nSA23893\n\n19) An error in WebCore can be exploited by malicious people to gain\nknowledge of sensitive information. \n\nFor more information see vulnerability #2 in:\nSA23893\n\n20) An error in WebCore when handling properties of certain global\nobjects can be exploited to conduct cross-site scripting attacks when\nnavigating to a new URL with Safari. \n\n21) An error in WebKit within in the handling of International Domain\nName (IDN) support and Unicode fonts embedded in Safari can be\nexploited to spoof a URL. \n\nThis is similar to:\nSA14164\n\n22) A boundary error in the Perl Compatible Regular Expressions\n(PCRE) library in WebKit and used by the JavaScript engine in Safari\ncan be exploited to cause a heap-based buffer overflow when a user\nvisits a malicious web page. \n\n23) Input validation errors exists in bzgrep and  zgrep. \n\nFor more information:\nSA15047\n\nSOLUTION:\nApply Security Update 2007-007. \n\nSecurity Update 2007-007 (10.4.10 Server Universal):\nhttp://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html\n\nSecurity Update 2007-007 (10.4.10 Universal):\nhttp://www.apple.com/support/downloads/securityupdate200700710410universal.html\n\nSecurity Update 2007-007 (10.4.10 Server PPC):\nhttp://www.apple.com/support/downloads/securityupdate200700710410serverppc.html\n\nSecurity Update 2007-007 (10.4.10 PPC):\nhttp://www.apple.com/support/downloads/securityupdate200700710410ppc.html\n\nSecurity Update 2007-007 (10.3.9 Server):\nhttp://www.apple.com/support/downloads/securityupdate20070071039server.html\n\nSecurity Update 2007-007 (10.3.9):\nhttp://www.apple.com/support/downloads/securityupdate20070071039.html\n\nPROVIDED AND/OR DISCOVERED BY:\n2) The vendor credits Steven Kramer, sprintteam.nl. \n14) The vendor credits Mike Matz, Wyomissing Area School District. \n17) The vendor credits Scott Wilde. \n19) Secunia Research\n22) The vendor credits Charlie Miller and Jake Honoroff of\nIndependent Security Evaluators. \n\nORIGINAL ADVISORY:\nhttp://docs.info.apple.com/article.html?artnum=306172\n\nOTHER REFERENCES:\nSA13237:\nhttp://secunia.com/advisories/13237/\n\nSA15047:\nhttp://secunia.com/advisories/15047/\n\nSA16987:\nhttp://secunia.com/advisories/16987/\n\nSA20406:\nhttp://secunia.com/advisories/20406/\n\nSA21354:\nhttp://secunia.com/advisories/21354/\n\nSA22588:\nhttp://secunia.com/advisories/22588/\n\nSA23195:\nhttp://secunia.com/advisories/23195/\n\nSA23893:\nhttp://secunia.com/advisories/23893/\n\nSA24814:\nhttp://secunia.com/advisories/24814/\n\nSA24356:\nhttp://secunia.com/advisories/24356/\n\nSA24440:\nhttp://secunia.com/advisories/24440/\n\nSA24505:\nhttp://secunia.com/advisories/24505/\n\nSA24542:\nhttp://secunia.com/advisories/24542/\n\nSA24732:\nhttp://secunia.com/advisories/24732/\n\nSA25800:\nhttp://secunia.com/advisories/25800/\n\nSA25123:\nhttp://secunia.com/advisories/25123/\n\nSA25200:\nhttp://secunia.com/advisories/25200/\n\nSA25232:\nhttp://secunia.com/advisories/25232/\n\nSA25383:\nhttp://secunia.com/advisories/25383/\n\nSA25721:\nhttp://secunia.com/advisories/25721/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\n----------------------------------------------------------------------\n\nSecunia is proud to announce the availability of the Secunia Software\nInspector. \n\nTry it out online:\nhttp://secunia.com/software_inspector/\n\n----------------------------------------------------------------------\n\nTITLE:\nSafari HTML Parsing Weakness\n\nSECUNIA ADVISORY ID:\nSA23893\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/23893/\n\nCRITICAL:\nNot critical\n\nIMPACT:\nCross Site Scripting\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nSafari 2.x\nhttp://secunia.com/product/5289/\n\nDESCRIPTION:\nJose Avila III has discovered a weakness in Safari, which can\npotentially be exploited by malicious people to conduct cross-site\nscripting attacks. \n\nThe weakness is caused due to an error in the parsing of comments\nwithin certain tags of an HTML document. Arbitrary HTML and script\ncode in a comment tag is executed in a user\u0027s browser session when\npreceded by the corresponding closing tag (e.g. the title tag). \n\nSuccessful exploitation is possible on web sites that allow users to\ninsert unsanitised HTML and script code within a comment into such a\ntag. \n\nThe weakness is confirmed in Safari 2.0.4. Other versions may also be\naffected. \n\nSOLUTION:\nDo not browse untrusted sites. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200703-10\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: Low\n     Title: KHTML: Cross-site scripting (XSS) vulnerability\n      Date: March 10, 2007\n      Bugs: #165606\n        ID: 200703-10\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nThe KHTML component shipped with the KDE libraries is prone to a\ncross-site scripting (XSS) vulnerability. \n\nBackground\n==========\n\nKDE is a feature-rich graphical desktop environment for Linux and\nUnix-like Operating Systems. KHTML is the HTML interpreter used in\nKonqueror and other parts of KDE. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package           /  Vulnerable  /                     Unaffected\n    -------------------------------------------------------------------\n  1  kde-base/kdelibs     \u003c 3.5.5-r8                       \u003e= 3.5.5-r8\n\nDescription\n===========\n\nThe KHTML code allows for the execution of JavaScript code located\ninside the \"Title\" HTML element, a related issue to the Safari error\nfound by Jose Avila. \n\nImpact\n======\n\nWhen viewing a HTML page that renders unsanitized attacker-supplied\ninput in the page title, Konqueror and other parts of KDE will execute\narbitrary JavaScript code contained in the page title, allowing for the\ntheft of browser session data or cookies. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll KDElibs users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=kde-base/kdelibs-3.5.5-r8\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2007-0537\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0537\n  [ 2 ] CVE-2007-0478\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0478\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200703-10.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2007 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\n Updated packages have been patched to correct this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0537\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2007.0:\n 7882590402c82ff347205c176380153e  2007.0/i586/kdelibs-common-3.5.4-19.2mdv2007.0.i586.rpm\n 01c4eb64ef06a8a8759843be0c07a920  2007.0/i586/kdelibs-devel-doc-3.5.4-19.2mdv2007.0.i586.rpm\n e63e9a2d3a07d3f2cfa20e495a5b1010  2007.0/i586/libkdecore4-3.5.4-19.2mdv2007.0.i586.rpm\n 1ad276143d78de84b08606a815eecda9  2007.0/i586/libkdecore4-devel-3.5.4-19.2mdv2007.0.i586.rpm \n 34ee09ad1644f5685f6ebb6e7e214939  2007.0/SRPMS/kdelibs-3.5.4-19.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 081d768881b4f012e75854738189327d  2007.0/x86_64/kdelibs-common-3.5.4-19.2mdv2007.0.x86_64.rpm\n 051e3625e87627e52c47590961523b51  2007.0/x86_64/kdelibs-devel-doc-3.5.4-19.2mdv2007.0.x86_64.rpm\n 6a2b0171144925bd21073553816f33b1  2007.0/x86_64/lib64kdecore4-3.5.4-19.2mdv2007.0.x86_64.rpm\n ae2202556fccf0bb820ed3e8401825ec  2007.0/x86_64/lib64kdecore4-devel-3.5.4-19.2mdv2007.0.x86_64.rpm \n 34ee09ad1644f5685f6ebb6e7e214939  2007.0/SRPMS/kdelibs-3.5.4-19.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 6afd1be3e42d77e131e44f9ed969c80e  corporate/3.0/i586/kdelibs-common-3.2-36.17.C30mdk.i586.rpm\n c00a10231de66159fecb2106e56ec1ca  corporate/3.0/i586/libkdecore4-3.2-36.17.C30mdk.i586.rpm\n 733852a68f994ace4eb35017342443fb  corporate/3.0/i586/libkdecore4-devel-3.2-36.17.C30mdk.i586.rpm \n 4d4c9fee93b93f2c76f5092ff5ef23f3  corporate/3.0/SRPMS/kdelibs-3.2-36.17.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 418170a92387d41c49f3d32c91c97c9b  corporate/3.0/x86_64/kdelibs-common-3.2-36.17.C30mdk.x86_64.rpm\n 590e047f677eb717c40a9e2fd77590e8  corporate/3.0/x86_64/lib64kdecore4-3.2-36.17.C30mdk.x86_64.rpm\n ec04fe80ee4a983e1ad98f54d75681af  corporate/3.0/x86_64/lib64kdecore4-devel-3.2-36.17.C30mdk.x86_64.rpm \n 4d4c9fee93b93f2c76f5092ff5ef23f3  corporate/3.0/SRPMS/kdelibs-3.2-36.17.C30mdk.src.rpm\n\n Corporate 4.0:\n 2dc94e4e225b74d3f2e283b04c836273  corporate/4.0/i586/kdelibs-arts-3.5.4-2.3.20060mlcs4.i586.rpm\n 826d76e2f3d50f48513ed18c4360dd67  corporate/4.0/i586/kdelibs-common-3.5.4-2.3.20060mlcs4.i586.rpm\n f7dad3711d9406d1123428f2c0cd9453  corporate/4.0/i586/kdelibs-devel-doc-3.5.4-2.3.20060mlcs4.i586.rpm\n 88f0164705a9d71f21c3c4edfe7822b2  corporate/4.0/i586/libkdecore4-3.5.4-2.3.20060mlcs4.i586.rpm\n e00f9222203a3c51a747a694e3ab32c7  corporate/4.0/i586/libkdecore4-devel-3.5.4-2.3.20060mlcs4.i586.rpm \n 79690e9ab56836b4adc7a4d59bb872db  corporate/4.0/SRPMS/kdelibs-3.5.4-2.3.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 88d9b2f945bd62aa89b5f7743320cc0a  corporate/4.0/x86_64/kdelibs-arts-3.5.4-2.3.20060mlcs4.x86_64.rpm\n c1e462eaeb2127939d0d3775fb7a04a4  corporate/4.0/x86_64/kdelibs-common-3.5.4-2.3.20060mlcs4.x86_64.rpm\n a559376fde6f8513904010fc377293e7  corporate/4.0/x86_64/kdelibs-devel-doc-3.5.4-2.3.20060mlcs4.x86_64.rpm\n d97e4c4dd9859b6e43f3399e3e2c5fa1  corporate/4.0/x86_64/lib64kdecore4-3.5.4-2.3.20060mlcs4.x86_64.rpm\n f3e43bca041aeca542bba33a0bac1d43  corporate/4.0/x86_64/lib64kdecore4-devel-3.5.4-2.3.20060mlcs4.x86_64.rpm \n 79690e9ab56836b4adc7a4d59bb872db  corporate/4.0/SRPMS/kdelibs-3.5.4-2.3.20060mlcs4.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.6 (GNU/Linux)\n\niD8DBQFFw5r6mqjQ0CJFipgRAnJ4AJ9RqADSMDbkaQkcR9ZPi2ArjF9rtACgrhPc\n7PYBsjk/ZTsogFdYFeWPWdc=\n=r0d9\n-----END PGP SIGNATURE-----\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-0478"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001442"
      },
      {
        "db": "BID",
        "id": "22428"
      },
      {
        "db": "BID",
        "id": "23020"
      },
      {
        "db": "BID",
        "id": "25159"
      },
      {
        "db": "VULHUB",
        "id": "VHN-23840"
      },
      {
        "db": "PACKETSTORM",
        "id": "58225"
      },
      {
        "db": "PACKETSTORM",
        "id": "53974"
      },
      {
        "db": "PACKETSTORM",
        "id": "55049"
      },
      {
        "db": "PACKETSTORM",
        "id": "54183"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-0478",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "25159",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "23893",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "26235",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "32712",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2732",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1018494",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001442",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-420",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20070123 SAFARI IMPROPERLY PARSES HTML DOCUMENTS \u0026 BLOGSPOT XSS VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "31846",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2007-07-31",
        "trust": 0.6
      },
      {
        "db": "MISC",
        "id": "HTTP://WWW.BEANFUZZ.COM/WORDPRESS/?P=99",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "22428",
        "trust": 0.3
      },
      {
        "db": "BID",
        "id": "23020",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "54183",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "55049",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-23840",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58225",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "53974",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-23840"
      },
      {
        "db": "BID",
        "id": "22428"
      },
      {
        "db": "BID",
        "id": "23020"
      },
      {
        "db": "BID",
        "id": "25159"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001442"
      },
      {
        "db": "PACKETSTORM",
        "id": "58225"
      },
      {
        "db": "PACKETSTORM",
        "id": "53974"
      },
      {
        "db": "PACKETSTORM",
        "id": "55049"
      },
      {
        "db": "PACKETSTORM",
        "id": "54183"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-420"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0478"
      }
    ]
  },
  "id": "VAR-200701-0407",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-23840"
      }
    ],
    "trust": 0.26519225
  },
  "last_update_date": "2024-11-23T20:08:12.926000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2007-07-31",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001442"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-23840"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001442"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0478"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://docs.info.apple.com/article.html?artnum=306172"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce//2007/jul/msg00004.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/25159"
      },
      {
        "trust": 1.7,
        "url": "http://www.beanfuzz.com/wordpress/?p=99"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/32712"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1018494"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/23893"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/26235"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/457763/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/2732"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31846"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0478"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0478"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/31846"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/457763/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/2732"
      },
      {
        "trust": 0.3,
        "url": "http://www.kde.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www.konqueror.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www.securityfocus.com/archive/1/archive/1/457924/100/0/threaded"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/safari/"
      },
      {
        "trust": 0.3,
        "url": "http://www.kde.org/info/security/advisory-20070206-1.txt"
      },
      {
        "trust": 0.3,
        "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200701e.html"
      },
      {
        "trust": 0.3,
        "url": "http://jvn.jp/jp/jvn%2383832818/index.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/475770"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/23893/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0537"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0537"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0478"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate20070071039server.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/25721/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate200700710410serverppc.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/24440/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/24732/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/20406/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/23195/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/15047/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/25383/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/24542/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate20070071039.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate200700710410universal.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/13237/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/25800/"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/24814/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/25200/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate200700710410serveruniversal.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate200700710410ppc.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/21354/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/24505/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/25232/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/25123/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/26235/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/16987/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/96/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/22588/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/24356/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/software_inspector/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5289/"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-200703-10.xml"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-23840"
      },
      {
        "db": "BID",
        "id": "22428"
      },
      {
        "db": "BID",
        "id": "23020"
      },
      {
        "db": "BID",
        "id": "25159"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001442"
      },
      {
        "db": "PACKETSTORM",
        "id": "58225"
      },
      {
        "db": "PACKETSTORM",
        "id": "53974"
      },
      {
        "db": "PACKETSTORM",
        "id": "55049"
      },
      {
        "db": "PACKETSTORM",
        "id": "54183"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-420"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0478"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-23840"
      },
      {
        "db": "BID",
        "id": "22428"
      },
      {
        "db": "BID",
        "id": "23020"
      },
      {
        "db": "BID",
        "id": "25159"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001442"
      },
      {
        "db": "PACKETSTORM",
        "id": "58225"
      },
      {
        "db": "PACKETSTORM",
        "id": "53974"
      },
      {
        "db": "PACKETSTORM",
        "id": "55049"
      },
      {
        "db": "PACKETSTORM",
        "id": "54183"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-420"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0478"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-01-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-23840"
      },
      {
        "date": "2007-02-06T00:00:00",
        "db": "BID",
        "id": "22428"
      },
      {
        "date": "2007-03-19T00:00:00",
        "db": "BID",
        "id": "23020"
      },
      {
        "date": "2007-08-01T00:00:00",
        "db": "BID",
        "id": "25159"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001442"
      },
      {
        "date": "2007-08-08T04:01:26",
        "db": "PACKETSTORM",
        "id": "58225"
      },
      {
        "date": "2007-01-27T01:46:45",
        "db": "PACKETSTORM",
        "id": "53974"
      },
      {
        "date": "2007-03-14T00:54:51",
        "db": "PACKETSTORM",
        "id": "55049"
      },
      {
        "date": "2007-02-06T04:21:11",
        "db": "PACKETSTORM",
        "id": "54183"
      },
      {
        "date": "2006-06-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200701-420"
      },
      {
        "date": "2007-01-25T00:28:00",
        "db": "NVD",
        "id": "CVE-2007-0478"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-23840"
      },
      {
        "date": "2015-03-19T09:23:00",
        "db": "BID",
        "id": "22428"
      },
      {
        "date": "2007-03-19T20:14:00",
        "db": "BID",
        "id": "23020"
      },
      {
        "date": "2007-08-08T00:34:00",
        "db": "BID",
        "id": "25159"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001442"
      },
      {
        "date": "2007-01-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200701-420"
      },
      {
        "date": "2024-11-21T00:25:57.933000",
        "db": "NVD",
        "id": "CVE-2007-0478"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "22428"
      },
      {
        "db": "BID",
        "id": "23020"
      },
      {
        "db": "BID",
        "id": "25159"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Safari Used in  WebCore Vulnerable to cross-site scripting attacks",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001442"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "53974"
      },
      {
        "db": "PACKETSTORM",
        "id": "54183"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-420"
      }
    ],
    "trust": 0.8
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-0478 (GCVE-0-2007-0478)

Vulnerability from cvelistv5

ghsa-8vcm-pr88-gpf9

Vulnerability from github

gsd-2007-0478

Vulnerability from gsd

CERTA-2007-AVI-340

Vulnerability from certfr_avis

Description

Solution

fkie_cve-2007-0478

Vulnerability from fkie_nvd

var-200701-0407

Vulnerability from variot

Synopsis

Background

Affected packages

Description

Impact

Workaround

Resolution

References

Availability

Concerns?

License

Tags

Sightings

Nomenclature