cvelistv5 - cve-2007-3742

cve-2007-3742

Vulnerability from cvelistv5

Published

2007-08-03 20:00

Modified

2024-08-07 14:28

Severity ?

EPSS score ?

0.42% (0.60993)

Summary

References

URL	Tags
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=306173	Patch
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=306174	Patch
cve@mitre.org	http://isc.sans.org/diary.html?storyid=3214
cve@mitre.org	http://secunia.com/advisories/26287	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/24636	Exploit, Patch
cve@mitre.org	http://www.securitytracker.com/id?1018488
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2730
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2731
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/35716
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=306173	Patch
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=306174	Patch
af854a3a-2127-422b-91ae-364da2661108	http://isc.sans.org/diary.html?storyid=3214
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26287	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24636	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018488
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2730
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2731
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/35716

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T14:28:52.248Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://docs.info.apple.com/article.html?artnum=306173",
               },
               {
                  name: "24636",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/24636",
               },
               {
                  name: "ADV-2007-2730",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2007/2730",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://docs.info.apple.com/article.html?artnum=306174",
               },
               {
                  name: "26287",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/26287",
               },
               {
                  name: "1018488",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1018488",
               },
               {
                  name: "ADV-2007-2731",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2007/2731",
               },
               {
                  name: "safari-idn-url-spoofing(35716)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/35716",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://isc.sans.org/diary.html?storyid=3214",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2007-07-31T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing \"look-alike characters\" (homographs) and possibly perform phishing attacks.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-28T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://docs.info.apple.com/article.html?artnum=306173",
            },
            {
               name: "24636",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/24636",
            },
            {
               name: "ADV-2007-2730",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2007/2730",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://docs.info.apple.com/article.html?artnum=306174",
            },
            {
               name: "26287",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/26287",
            },
            {
               name: "1018488",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1018488",
            },
            {
               name: "ADV-2007-2731",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2007/2731",
            },
            {
               name: "safari-idn-url-spoofing(35716)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/35716",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://isc.sans.org/diary.html?storyid=3214",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2007-3742",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing \"look-alike characters\" (homographs) and possibly perform phishing attacks.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://docs.info.apple.com/article.html?artnum=306173",
                     refsource: "CONFIRM",
                     url: "http://docs.info.apple.com/article.html?artnum=306173",
                  },
                  {
                     name: "24636",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/24636",
                  },
                  {
                     name: "ADV-2007-2730",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2007/2730",
                  },
                  {
                     name: "http://docs.info.apple.com/article.html?artnum=306174",
                     refsource: "CONFIRM",
                     url: "http://docs.info.apple.com/article.html?artnum=306174",
                  },
                  {
                     name: "26287",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/26287",
                  },
                  {
                     name: "1018488",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1018488",
                  },
                  {
                     name: "ADV-2007-2731",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2007/2731",
                  },
                  {
                     name: "safari-idn-url-spoofing(35716)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/35716",
                  },
                  {
                     name: "http://isc.sans.org/diary.html?storyid=3214",
                     refsource: "MISC",
                     url: "http://isc.sans.org/diary.html?storyid=3214",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2007-3742",
      datePublished: "2007-08-03T20:00:00",
      dateReserved: "2007-07-12T00:00:00",
      dateUpdated: "2024-08-07T14:28:52.248Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2007-3742\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-08-03T20:17:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing \\\"look-alike characters\\\" (homographs) and possibly perform phishing attacks.\"},{\"lang\":\"es\",\"value\":\"WEbKit en Apple Safari 3 Beta anterior al Update 3.0.3, y iPhone anterior a 1.0.1, no maneja adecuadamente la interacción entre el soporte para Nombres de Dominio Internacionales (International Domain Name o IDN) y las fuentes Unicode, lo cual permite a atacantes remotos crear un URL conteniendo \\\"caracteres con apariencia similar\\\" (homógrafos), y posiblemente realizar ataques de fraude (phishing).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-16\"},{\"lang\":\"en\",\"value\":\"CWE-59\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:apple:iphone:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F382364-1B45-4C62-AB29-A20512AA77D9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:windows:*:*:*:*:*\",\"versionEndIncluding\":\"3.0.2\",\"matchCriteriaId\":\"192775DA-2242-4347-9C83-34CFEDA7E1CC\"}]}]}],\"references\":[{\"url\":\"http://docs.info.apple.com/article.html?artnum=306173\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://docs.info.apple.com/article.html?artnum=306174\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://isc.sans.org/diary.html?storyid=3214\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/26287\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/24636\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1018488\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2730\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2731\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35716\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=306173\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://docs.info.apple.com/article.html?artnum=306174\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://isc.sans.org/diary.html?storyid=3214\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/26287\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/24636\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1018488\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2730\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2731\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35716\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
   },
}

gsd-2007-3742

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-3742

Aliases

CVE-2007-3742

JSON

To clipboard

{
   GSD: {
      alias: "CVE-2007-3742",
      description: "WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing \"look-alike characters\" (homographs) and possibly perform phishing attacks.",
      id: "GSD-2007-3742",
   },
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2007-3742",
         ],
         details: "WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing \"look-alike characters\" (homographs) and possibly perform phishing attacks.",
         id: "GSD-2007-3742",
         modified: "2023-12-13T01:21:41.542552Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "cve@mitre.org",
            ID: "CVE-2007-3742",
            STATE: "PUBLIC",
         },
         affects: {
            vendor: {
               vendor_data: [
                  {
                     product: {
                        product_data: [
                           {
                              product_name: "n/a",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "n/a",
                                    },
                                 ],
                              },
                           },
                        ],
                     },
                     vendor_name: "n/a",
                  },
               ],
            },
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing \"look-alike characters\" (homographs) and possibly perform phishing attacks.",
               },
            ],
         },
         problemtype: {
            problemtype_data: [
               {
                  description: [
                     {
                        lang: "eng",
                        value: "n/a",
                     },
                  ],
               },
            ],
         },
         references: {
            reference_data: [
               {
                  name: "http://docs.info.apple.com/article.html?artnum=306173",
                  refsource: "CONFIRM",
                  url: "http://docs.info.apple.com/article.html?artnum=306173",
               },
               {
                  name: "24636",
                  refsource: "BID",
                  url: "http://www.securityfocus.com/bid/24636",
               },
               {
                  name: "ADV-2007-2730",
                  refsource: "VUPEN",
                  url: "http://www.vupen.com/english/advisories/2007/2730",
               },
               {
                  name: "http://docs.info.apple.com/article.html?artnum=306174",
                  refsource: "CONFIRM",
                  url: "http://docs.info.apple.com/article.html?artnum=306174",
               },
               {
                  name: "26287",
                  refsource: "SECUNIA",
                  url: "http://secunia.com/advisories/26287",
               },
               {
                  name: "1018488",
                  refsource: "SECTRACK",
                  url: "http://www.securitytracker.com/id?1018488",
               },
               {
                  name: "ADV-2007-2731",
                  refsource: "VUPEN",
                  url: "http://www.vupen.com/english/advisories/2007/2731",
               },
               {
                  name: "safari-idn-url-spoofing(35716)",
                  refsource: "XF",
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/35716",
               },
               {
                  name: "http://isc.sans.org/diary.html?storyid=3214",
                  refsource: "MISC",
                  url: "http://isc.sans.org/diary.html?storyid=3214",
               },
            ],
         },
      },
      "nvd.nist.gov": {
         configurations: {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:apple:iphone:1.0:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:apple:safari:*:*:windows:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "3.0.2",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
         cve: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2007-3742",
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "en",
                     value: "WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing \"look-alike characters\" (homographs) and possibly perform phishing attacks.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "en",
                           value: "CWE-16",
                        },
                        {
                           lang: "en",
                           value: "CWE-59",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://isc.sans.org/diary.html?storyid=3214",
                     refsource: "MISC",
                     tags: [],
                     url: "http://isc.sans.org/diary.html?storyid=3214",
                  },
                  {
                     name: "http://docs.info.apple.com/article.html?artnum=306173",
                     refsource: "CONFIRM",
                     tags: [
                        "Patch",
                     ],
                     url: "http://docs.info.apple.com/article.html?artnum=306173",
                  },
                  {
                     name: "http://docs.info.apple.com/article.html?artnum=306174",
                     refsource: "CONFIRM",
                     tags: [
                        "Patch",
                     ],
                     url: "http://docs.info.apple.com/article.html?artnum=306174",
                  },
                  {
                     name: "24636",
                     refsource: "BID",
                     tags: [
                        "Exploit",
                        "Patch",
                     ],
                     url: "http://www.securityfocus.com/bid/24636",
                  },
                  {
                     name: "1018488",
                     refsource: "SECTRACK",
                     tags: [],
                     url: "http://www.securitytracker.com/id?1018488",
                  },
                  {
                     name: "26287",
                     refsource: "SECUNIA",
                     tags: [
                        "Vendor Advisory",
                     ],
                     url: "http://secunia.com/advisories/26287",
                  },
                  {
                     name: "ADV-2007-2731",
                     refsource: "VUPEN",
                     tags: [],
                     url: "http://www.vupen.com/english/advisories/2007/2731",
                  },
                  {
                     name: "ADV-2007-2730",
                     refsource: "VUPEN",
                     tags: [],
                     url: "http://www.vupen.com/english/advisories/2007/2730",
                  },
                  {
                     name: "safari-idn-url-spoofing(35716)",
                     refsource: "XF",
                     tags: [],
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/35716",
                  },
               ],
            },
         },
         impact: {
            baseMetricV2: {
               cvssV2: {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  integrityImpact: "PARTIAL",
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               exploitabilityScore: 8.6,
               impactScore: 2.9,
               obtainAllPrivilege: false,
               obtainOtherPrivilege: false,
               obtainUserPrivilege: false,
               severity: "MEDIUM",
               userInteractionRequired: true,
            },
         },
         lastModifiedDate: "2017-07-29T01:32Z",
         publishedDate: "2007-08-03T20:17Z",
      },
   },
}

cve-2007-3742

Vulnerability from jvndb

Published

2008-05-21 00:00

Modified

2008-05-21 00:00

Severity ?

() - -

Summary

Safari URL spoofing vulnerability

Details

Apple's Safari contains a vulnerability that allows spoofing of URLs in the address bar. Apple's Safari is a web browser installed as default with Mac OS X. There is a problem in Safari where URLs displayed in the address bar could be spoofed to deceive Safari users. This could be conducted by using Unicode characters that look alike to ASCII characters as URL strings.

References

▼	Type	URL
	JVN	http://jvn.jp/en/jp/JVN16018033/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3742
	NVD	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3742
	BID	http://www.securityfocus.com/bid/24636
	XF	http://xforce.iss.net/xforce/xfdb/35716
	FRSIRT	http://www.frsirt.com/english/advisories/2007/2730
	Resource Management Errors(CWE-399)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Link Following(CWE-59)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Apple Inc.	Safari
	Apple Inc.	iPhone

Show details on JVN DB website

JSON

To clipboard

{
   "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000560.html",
   "dc:date": "2008-05-21T00:00+09:00",
   "dcterms:issued": "2008-05-21T00:00+09:00",
   "dcterms:modified": "2008-05-21T00:00+09:00",
   description: "Apple's Safari contains a vulnerability that allows spoofing of URLs in the address bar.\r\n\r\nApple's Safari is a web browser installed as default with Mac OS X.\r\n\r\nThere is a problem in Safari where URLs displayed in the address bar could be spoofed to deceive Safari users. \r\nThis could be conducted by using Unicode characters that look alike to ASCII characters as URL strings.",
   link: "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000560.html",
   "sec:cpe": [
      {
         "#text": "cpe:/a:apple:safari",
         "@product": "Safari",
         "@vendor": "Apple Inc.",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/h:apple:iphone",
         "@product": "iPhone",
         "@vendor": "Apple Inc.",
         "@version": "2.2",
      },
   ],
   "sec:cvss": {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
      "@version": "2.0",
   },
   "sec:identifier": "JVNDB-2007-000560",
   "sec:references": [
      {
         "#text": "http://jvn.jp/en/jp/JVN16018033/index.html",
         "@id": "JVN#16018033",
         "@source": "JVN",
      },
      {
         "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3742",
         "@id": "CVE-2007-3742",
         "@source": "CVE",
      },
      {
         "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3742",
         "@id": "CVE-2007-3742",
         "@source": "NVD",
      },
      {
         "#text": "http://www.securityfocus.com/bid/24636",
         "@id": "24636",
         "@source": "BID",
      },
      {
         "#text": "http://xforce.iss.net/xforce/xfdb/35716",
         "@id": "35716",
         "@source": "XF",
      },
      {
         "#text": "http://www.frsirt.com/english/advisories/2007/2730",
         "@id": "FrSIRT/ADV-2007-2730",
         "@source": "FRSIRT",
      },
      {
         "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
         "@id": "CWE-399",
         "@title": "Resource Management Errors(CWE-399)",
      },
      {
         "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
         "@id": "CWE-59",
         "@title": "Link Following(CWE-59)",
      },
   ],
   title: "Safari URL spoofing vulnerability",
}

fkie_cve-2007-3742

Vulnerability from fkie_nvd

Published

2007-08-03 20:17

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=306173	Patch
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=306174	Patch
cve@mitre.org	http://isc.sans.org/diary.html?storyid=3214
cve@mitre.org	http://secunia.com/advisories/26287	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/24636	Exploit, Patch
cve@mitre.org	http://www.securitytracker.com/id?1018488
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2730
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2731
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/35716
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=306173	Patch
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=306174	Patch
af854a3a-2127-422b-91ae-364da2661108	http://isc.sans.org/diary.html?storyid=3214
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26287	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24636	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018488
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2730
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2731
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/35716

Impacted products

	Vendor	Product	Version
	apple	iphone	1.0
	apple	safari	*

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:apple:iphone:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F382364-1B45-4C62-AB29-A20512AA77D9",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apple:safari:*:*:windows:*:*:*:*:*",
                     matchCriteriaId: "192775DA-2242-4347-9C83-34CFEDA7E1CC",
                     versionEndIncluding: "3.0.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing \"look-alike characters\" (homographs) and possibly perform phishing attacks.",
      },
      {
         lang: "es",
         value: "WEbKit en Apple Safari 3 Beta anterior al Update 3.0.3, y iPhone anterior a 1.0.1, no maneja adecuadamente la interacción entre el soporte para Nombres de Dominio Internacionales (International Domain Name o IDN) y las fuentes Unicode, lo cual permite a atacantes remotos crear un URL conteniendo \"caracteres con apariencia similar\" (homógrafos), y posiblemente realizar ataques de fraude (phishing).",
      },
   ],
   id: "CVE-2007-3742",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2007-08-03T20:17:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://docs.info.apple.com/article.html?artnum=306173",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://docs.info.apple.com/article.html?artnum=306174",
      },
      {
         source: "cve@mitre.org",
         url: "http://isc.sans.org/diary.html?storyid=3214",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/26287",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/24636",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id?1018488",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2007/2730",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2007/2731",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/35716",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://docs.info.apple.com/article.html?artnum=306173",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://docs.info.apple.com/article.html?artnum=306174",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://isc.sans.org/diary.html?storyid=3214",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/26287",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/24636",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1018488",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2007/2730",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2007/2731",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/35716",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-16",
            },
            {
               lang: "en",
               value: "CWE-59",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

var-200708-0453

Vulnerability from variot

WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" (homographs) and possibly perform phishing attacks. Apple Safari contains a race condition when handling HTTP redirection when updating pages. This can allow a cross-domain violation. Apple WebCore fails to properly serialize headers into an HTTP request, which can cause a cross-domain security violation. The Apple Webkit contains a memory corruption vulnerability.This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Apple's Safari contains a vulnerability that allows spoofing of URLs in the address bar. Apple's Safari is a web browser installed as default with Mac OS X. There is a problem in Safari where URLs displayed in the address bar could be spoofed to deceive Safari users. This could be conducted by using Unicode characters that look alike to ASCII characters as URL strings.As it is difficult for Safari users to tell whether the displayed URL is spoofed or not, an attacker could possibly conduct phising attacks. Attackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing. This issue affects Apple Safari 3.0.2 for Windows; other versions may also be affected. The iPhone is reported to be affected in the APPLE-SA-2007-07-31 iPhone v1.0.1 Update security advisory.

BETA test the new Secunia Personal Software Inspector!

The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors.

Download the free PSI BETA from the Secunia website: https://psi.secunia.com/

TITLE: Apple iPhone Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA26287

VERIFY ADVISORY: http://secunia.com/advisories/26287/

CRITICAL: Highly critical

IMPACT: Cross Site Scripting, Spoofing, DoS, System access

WHERE:

From remote

OPERATING SYSTEM: Apple iPhone 1.x http://secunia.com/product/15128/

DESCRIPTION: Some vulnerabilities have been reported in Apple iPhone, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, and potentially to compromise a vulnerable system.

2) A boundary error in the Perl Compatible Regular Expressions (PCRE) library used by the Javascript engine in Safari can be exploited to cause a heap-based buffer overflow when a user visits a malicious web page.

Successful exploitation may allow execution of arbitrary code.

3) An HTTP injection issue in XMLHttpRequest can be exploited to inject arbitrary HTTP requests.

5) An invalid type conversion when rendering frame sets may allow execution of arbitrary code.

For more information see vulnerability #1 in: SA25786

SOLUTION: Update to version 1.0.1 (downloadable and installable via iTunes).

PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems, Inc. 2) The vendor credits Charlie Miller and Jake Honoroff of Independent Security Evaluators. 3) The vendor credits Richard Moore, Westpoint Ltd. 5) The vendor credits Rhys Kidd, Westnet.

ORIGINAL ADVISORY: http://docs.info.apple.com/article.html?artnum=306173

OTHER REFERENCES: SA25786: http://secunia.com/advisories/25786/

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-200708-0453",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: null,
            scope: null,
            trust: 2.4,
            vendor: "apple computer",
            version: null,
         },
         {
            model: "safari",
            scope: "lte",
            trust: 1,
            vendor: "apple",
            version: "3.0.2",
         },
         {
            model: "iphone",
            scope: "eq",
            trust: 0.8,
            vendor: "apple",
            version: "v1.0",
         },
         {
            model: "safari",
            scope: "lte",
            trust: 0.8,
            vendor: "apple",
            version: "3.0.2  (mac os x, windows xp / vista)",
         },
         {
            model: "safari",
            scope: "eq",
            trust: 0.8,
            vendor: "apple",
            version: "for mac os x (mac os x 10.3.x and mac os x 10.4.x)",
         },
         {
            model: "iphone",
            scope: "eq",
            trust: 0.6,
            vendor: "apple",
            version: "1.0",
         },
         {
            model: "safari beta for windows",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "3.0.2",
         },
         {
            model: "safari beta",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "3.0.2",
         },
         {
            model: "iphone",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "1",
         },
         {
            model: "safari beta for windows",
            scope: "ne",
            trust: 0.3,
            vendor: "apple",
            version: "3.0.3",
         },
         {
            model: "safari beta",
            scope: "ne",
            trust: 0.3,
            vendor: "apple",
            version: "3.0.3",
         },
         {
            model: "iphone",
            scope: "ne",
            trust: 0.3,
            vendor: "apple",
            version: "1.0.1",
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#289988",
         },
         {
            db: "CERT/CC",
            id: "VU#845708",
         },
         {
            db: "CERT/CC",
            id: "VU#389868",
         },
         {
            db: "BID",
            id: "24636",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-000560",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200708-036",
         },
         {
            db: "NVD",
            id: "CVE-2007-3742",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  cpe_match: [
                     {
                        cpe22Uri: "cpe:/h:apple:iphone",
                        vulnerable: true,
                     },
                     {
                        cpe22Uri: "cpe:/a:apple:safari",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2007-000560",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Robert Swiecki reported this issue.",
      sources: [
         {
            db: "BID",
            id: "24636",
         },
      ],
      trust: 0.3,
   },
   cve: "CVE-2007-3742",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "CVE-2007-3742",
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 1,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "None",
                  author: "IPA",
                  availabilityImpact: "None",
                  baseScore: 4.3,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "JVNDB-2007-000560",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "VHN-27104",
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2007-3742",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CARNEGIE MELLON",
                  id: "VU#289988",
                  trust: 0.8,
                  value: "0.47",
               },
               {
                  author: "CARNEGIE MELLON",
                  id: "VU#845708",
                  trust: 0.8,
                  value: "0.57",
               },
               {
                  author: "CARNEGIE MELLON",
                  id: "VU#389868",
                  trust: 0.8,
                  value: "2.55",
               },
               {
                  author: "IPA",
                  id: "JVNDB-2007-000560",
                  trust: 0.8,
                  value: "Medium",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-200708-036",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-27104",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#289988",
         },
         {
            db: "CERT/CC",
            id: "VU#845708",
         },
         {
            db: "CERT/CC",
            id: "VU#389868",
         },
         {
            db: "VULHUB",
            id: "VHN-27104",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-000560",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200708-036",
         },
         {
            db: "NVD",
            id: "CVE-2007-3742",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing \"look-alike characters\" (homographs) and possibly perform phishing attacks. Apple Safari contains a race condition when handling HTTP redirection when updating pages.  This can allow a cross-domain violation. Apple WebCore fails to properly serialize headers into an HTTP request, which can cause a cross-domain security violation. The Apple Webkit contains a memory corruption vulnerability.This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Apple's Safari contains a vulnerability that allows spoofing of URLs in the address bar. Apple's Safari is a web browser installed as default with Mac OS X. There is a problem in Safari where URLs displayed in the address bar could be spoofed to deceive Safari users. This could be conducted by using Unicode characters that look alike to ASCII characters as URL strings.As it is difficult for Safari users to tell whether the displayed URL is spoofed or not, an attacker could possibly conduct phising attacks. \nAttackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing. \nThis issue affects Apple Safari 3.0.2 for Windows; other versions may also be affected. \nThe iPhone is reported to be affected in the APPLE-SA-2007-07-31 iPhone v1.0.1 Update security advisory. \n\n----------------------------------------------------------------------\n\nBETA test the new Secunia Personal Software Inspector!\n\nThe Secunia PSI detects installed software on your computer and\ncategorises it as either Insecure, End-of-Life, or Up-To-Date. \nEffectively enabling you to focus your attention on software\ninstallations where more secure versions are available from the\nvendors. \n\nDownload the free PSI BETA from the Secunia website:\nhttps://psi.secunia.com/\n\n----------------------------------------------------------------------\n\nTITLE:\nApple iPhone Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA26287\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26287/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nCross Site Scripting, Spoofing, DoS, System access\n\nWHERE:\n>From remote\n\nOPERATING SYSTEM:\nApple iPhone 1.x\nhttp://secunia.com/product/15128/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Apple iPhone, which can be\nexploited by malicious people to conduct cross-site scripting and\nspoofing attacks, and potentially to compromise a vulnerable system. \n\n2) A boundary error in the Perl Compatible Regular Expressions (PCRE)\nlibrary used by the Javascript engine in Safari can be exploited to\ncause a heap-based buffer overflow when a user visits a malicious web\npage. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\n3) An HTTP injection issue in XMLHttpRequest can be exploited to\ninject arbitrary HTTP requests. \n\n5) An invalid type conversion when rendering frame sets may allow\nexecution of arbitrary code. \n\nFor more information see vulnerability #1 in:\nSA25786\n\nSOLUTION:\nUpdate to version 1.0.1 (downloadable and installable via iTunes). \n\nPROVIDED AND/OR DISCOVERED BY:\n1) The vendor credits Lawrence Lai, Stan Switzer, and Ed Rowe of\nAdobe Systems, Inc. \n2) The vendor credits Charlie Miller and Jake Honoroff of Independent\nSecurity Evaluators. \n3) The vendor credits Richard Moore, Westpoint Ltd. \n5) The vendor credits Rhys Kidd, Westnet. \n\nORIGINAL ADVISORY:\nhttp://docs.info.apple.com/article.html?artnum=306173\n\nOTHER REFERENCES:\nSA25786:\nhttp://secunia.com/advisories/25786/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2007-3742",
         },
         {
            db: "CERT/CC",
            id: "VU#289988",
         },
         {
            db: "CERT/CC",
            id: "VU#845708",
         },
         {
            db: "CERT/CC",
            id: "VU#389868",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-000560",
         },
         {
            db: "BID",
            id: "24636",
         },
         {
            db: "VULHUB",
            id: "VHN-27104",
         },
         {
            db: "PACKETSTORM",
            id: "58223",
         },
      ],
      trust: 4.23,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "SECUNIA",
            id: "26287",
            trust: 4.2,
         },
         {
            db: "NVD",
            id: "CVE-2007-3742",
            trust: 2.8,
         },
         {
            db: "BID",
            id: "24636",
            trust: 2.8,
         },
         {
            db: "SECTRACK",
            id: "1018488",
            trust: 1.7,
         },
         {
            db: "VUPEN",
            id: "ADV-2007-2730",
            trust: 1.7,
         },
         {
            db: "VUPEN",
            id: "ADV-2007-2731",
            trust: 1.7,
         },
         {
            db: "SECUNIA",
            id: "25786",
            trust: 1.6,
         },
         {
            db: "XF",
            id: "35716",
            trust: 1.4,
         },
         {
            db: "CERT/CC",
            id: "VU#289988",
            trust: 0.8,
         },
         {
            db: "CERT/CC",
            id: "VU#845708",
            trust: 0.8,
         },
         {
            db: "CERT/CC",
            id: "VU#389868",
            trust: 0.8,
         },
         {
            db: "JVN",
            id: "JVN16018033",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-000560",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-200708-036",
            trust: 0.7,
         },
         {
            db: "VULHUB",
            id: "VHN-27104",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "58223",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#289988",
         },
         {
            db: "CERT/CC",
            id: "VU#845708",
         },
         {
            db: "CERT/CC",
            id: "VU#389868",
         },
         {
            db: "VULHUB",
            id: "VHN-27104",
         },
         {
            db: "BID",
            id: "24636",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-000560",
         },
         {
            db: "PACKETSTORM",
            id: "58223",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200708-036",
         },
         {
            db: "NVD",
            id: "CVE-2007-3742",
         },
      ],
   },
   id: "VAR-200708-0453",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-27104",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-11-23T21:12:50.790000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Safari 3 Beta Update 3.0.3",
            trust: 0.8,
            url: "http://docs.info.apple.com/article.html?artnum=306174-en",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2007-000560",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-59",
            trust: 1.9,
         },
         {
            problemtype: "CWE-16",
            trust: 1.1,
         },
         {
            problemtype: "CWE-399",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-27104",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-000560",
         },
         {
            db: "NVD",
            id: "CVE-2007-3742",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 3.4,
            url: "http://docs.info.apple.com/article.html?artnum=306173",
         },
         {
            trust: 2.5,
            url: "http://secunia.com/advisories/26287/",
         },
         {
            trust: 2.5,
            url: "http://www.securityfocus.com/bid/24636",
         },
         {
            trust: 1.7,
            url: "http://secunia.com/advisories/25786/",
         },
         {
            trust: 1.7,
            url: "http://docs.info.apple.com/article.html?artnum=306174",
         },
         {
            trust: 1.7,
            url: "http://isc.sans.org/diary.html?storyid=3214",
         },
         {
            trust: 1.7,
            url: "http://www.securitytracker.com/id?1018488",
         },
         {
            trust: 1.7,
            url: "http://secunia.com/advisories/26287",
         },
         {
            trust: 1.6,
            url: "http://developer.apple.com/opensource/internet/webkit.html",
         },
         {
            trust: 1.6,
            url: "http://docs.info.apple.com/article.html?artnum=305759",
         },
         {
            trust: 1.4,
            url: "http://www.frsirt.com/english/advisories/2007/2730",
         },
         {
            trust: 1.4,
            url: "http://xforce.iss.net/xforce/xfdb/35716",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2007/2730",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2007/2731",
         },
         {
            trust: 1.1,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/35716",
         },
         {
            trust: 0.8,
            url: "http://www.apple.com/safari/download/",
         },
         {
            trust: 0.8,
            url: "http://www.mozilla.org/projects/security/components/same-origin.html",
         },
         {
            trust: 0.8,
            url: "http://docs.info.apple.com/article.html?artnum=61798",
         },
         {
            trust: 0.8,
            url: "http://www.cert.org/tech_tips/securing_browser/#safari",
         },
         {
            trust: 0.8,
            url: "http://developer.apple.com/internet/webcontent/xmlhttpreq.html",
         },
         {
            trust: 0.8,
            url: "http://www.westpoint.ltd.uk/advisories/wp-07-0002.txt",
         },
         {
            trust: 0.8,
            url: "http://webkit.opendarwin.org/",
         },
         {
            trust: 0.8,
            url: "http://lists.apple.com/archives/security-announce/2007/jun/msg00004.html",
         },
         {
            trust: 0.8,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3742",
         },
         {
            trust: 0.8,
            url: "http://jvn.jp/en/jp/jvn16018033/index.html",
         },
         {
            trust: 0.8,
            url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-3742",
         },
         {
            trust: 0.6,
            url: "http://www.frsirt.com/english/advisories/2007/2731",
         },
         {
            trust: 0.3,
            url: "http://www.apple.com/safari/",
         },
         {
            trust: 0.3,
            url: "/archive/1/472234",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/secunia_security_advisories/",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/product/15128/",
         },
         {
            trust: 0.1,
            url: "https://psi.secunia.com/",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/about_secunia_advisories/",
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#289988",
         },
         {
            db: "CERT/CC",
            id: "VU#845708",
         },
         {
            db: "CERT/CC",
            id: "VU#389868",
         },
         {
            db: "VULHUB",
            id: "VHN-27104",
         },
         {
            db: "BID",
            id: "24636",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-000560",
         },
         {
            db: "PACKETSTORM",
            id: "58223",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200708-036",
         },
         {
            db: "NVD",
            id: "CVE-2007-3742",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CERT/CC",
            id: "VU#289988",
         },
         {
            db: "CERT/CC",
            id: "VU#845708",
         },
         {
            db: "CERT/CC",
            id: "VU#389868",
         },
         {
            db: "VULHUB",
            id: "VHN-27104",
         },
         {
            db: "BID",
            id: "24636",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-000560",
         },
         {
            db: "PACKETSTORM",
            id: "58223",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200708-036",
         },
         {
            db: "NVD",
            id: "CVE-2007-3742",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2007-06-25T00:00:00",
            db: "CERT/CC",
            id: "VU#289988",
         },
         {
            date: "2007-06-22T00:00:00",
            db: "CERT/CC",
            id: "VU#845708",
         },
         {
            date: "2007-06-22T00:00:00",
            db: "CERT/CC",
            id: "VU#389868",
         },
         {
            date: "2007-08-03T00:00:00",
            db: "VULHUB",
            id: "VHN-27104",
         },
         {
            date: "2007-06-25T00:00:00",
            db: "BID",
            id: "24636",
         },
         {
            date: "2008-05-21T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2007-000560",
         },
         {
            date: "2007-08-08T04:01:26",
            db: "PACKETSTORM",
            id: "58223",
         },
         {
            date: "2007-06-25T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200708-036",
         },
         {
            date: "2007-08-03T20:17:00",
            db: "NVD",
            id: "CVE-2007-3742",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2007-09-21T00:00:00",
            db: "CERT/CC",
            id: "VU#289988",
         },
         {
            date: "2008-09-08T00:00:00",
            db: "CERT/CC",
            id: "VU#845708",
         },
         {
            date: "2008-06-04T00:00:00",
            db: "CERT/CC",
            id: "VU#389868",
         },
         {
            date: "2017-07-29T00:00:00",
            db: "VULHUB",
            id: "VHN-27104",
         },
         {
            date: "2007-08-01T12:45:00",
            db: "BID",
            id: "24636",
         },
         {
            date: "2008-05-21T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2007-000560",
         },
         {
            date: "2007-08-06T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200708-036",
         },
         {
            date: "2024-11-21T00:33:57.320000",
            db: "NVD",
            id: "CVE-2007-3742",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200708-036",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Apple Safari cross-domain HTTP redirection race condition",
      sources: [
         {
            db: "CERT/CC",
            id: "VU#289988",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "configuration error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200708-036",
         },
      ],
      trust: 0.6,
   },
}

ghsa-8vqf-2742-m7gx

Vulnerability from github

Published

2022-05-01 18:16

Modified

2022-05-01 18:16

Details

Show details on source website

JSON

To clipboard

{
   affected: [],
   aliases: [
      "CVE-2007-3742",
   ],
   database_specific: {
      cwe_ids: [],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2007-08-03T20:17:00Z",
      severity: "MODERATE",
   },
   details: "WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing \"look-alike characters\" (homographs) and possibly perform phishing attacks.",
   id: "GHSA-8vqf-2742-m7gx",
   modified: "2022-05-01T18:16:51Z",
   published: "2022-05-01T18:16:51Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2007-3742",
      },
      {
         type: "WEB",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/35716",
      },
      {
         type: "WEB",
         url: "http://docs.info.apple.com/article.html?artnum=306173",
      },
      {
         type: "WEB",
         url: "http://docs.info.apple.com/article.html?artnum=306174",
      },
      {
         type: "WEB",
         url: "http://isc.sans.org/diary.html?storyid=3214",
      },
      {
         type: "WEB",
         url: "http://secunia.com/advisories/26287",
      },
      {
         type: "WEB",
         url: "http://www.securityfocus.com/bid/24636",
      },
      {
         type: "WEB",
         url: "http://www.securitytracker.com/id?1018488",
      },
      {
         type: "WEB",
         url: "http://www.vupen.com/english/advisories/2007/2730",
      },
      {
         type: "WEB",
         url: "http://www.vupen.com/english/advisories/2007/2731",
      },
   ],
   schema_version: "1.4.0",
   severity: [],
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2007-3742

Vulnerability from cvelistv5

gsd-2007-3742

Vulnerability from gsd

cve-2007-3742

Vulnerability from jvndb

fkie_cve-2007-3742

Vulnerability from fkie_nvd

var-200708-0453

Vulnerability from variot

ghsa-8vqf-2742-m7gx

Vulnerability from github

Tags

Sightings

Nomenclature