cvelistv5 - cve-2007-3944

CVE-2007-3944 (GCVE-0-2007-3944)

Vulnerability from cvelistv5

Published

2007-07-23 16:00

Modified

2024-08-07 14:37

Severity ?

CWE

Summary

References

URL

Tags

cve@mitre.org	http://docs.info.apple.com/article.html?artnum=306173
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=306174
cve@mitre.org	http://secunia.com/advisories/26287	Vendor Advisory
cve@mitre.org	http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1&adxnnl=1&adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw&oref=slogin
cve@mitre.org	http://www.securityevaluators.com/iphone/
cve@mitre.org	http://www.securityevaluators.com/iphone/exploitingiphone.pdf
cve@mitre.org	http://www.securityfocus.com/bid/25002
cve@mitre.org	http://www.securitytracker.com/id?1018439
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2730	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2731	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/35577
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=306173
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=306174
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26287	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1&adxnnl=1&adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw&oref=slogin
af854a3a-2127-422b-91ae-364da2661108	http://www.securityevaluators.com/iphone/
af854a3a-2127-422b-91ae-364da2661108	http://www.securityevaluators.com/iphone/exploitingiphone.pdf
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25002
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018439
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2730	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2731	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/35577

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:37:05.370Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=306173"
          },
          {
            "name": "25002",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25002"
          },
          {
            "name": "iphone-safari-bo(35577)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35577"
          },
          {
            "name": "ADV-2007-2730",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2730"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityevaluators.com/iphone/"
          },
          {
            "name": "1018439",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018439"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=306174"
          },
          {
            "name": "26287",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26287"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1\u0026adxnnl=1\u0026adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw\u0026oref=slogin"
          },
          {
            "name": "ADV-2007-2731",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2731"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityevaluators.com/iphone/exploitingiphone.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone.  NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=306173"
        },
        {
          "name": "25002",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25002"
        },
        {
          "name": "iphone-safari-bo(35577)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35577"
        },
        {
          "name": "ADV-2007-2730",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2730"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityevaluators.com/iphone/"
        },
        {
          "name": "1018439",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018439"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=306174"
        },
        {
          "name": "26287",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26287"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1\u0026adxnnl=1\u0026adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw\u0026oref=slogin"
        },
        {
          "name": "ADV-2007-2731",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2731"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityevaluators.com/iphone/exploitingiphone.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3944",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone.  NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://docs.info.apple.com/article.html?artnum=306173",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=306173"
            },
            {
              "name": "25002",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25002"
            },
            {
              "name": "iphone-safari-bo(35577)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35577"
            },
            {
              "name": "ADV-2007-2730",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2730"
            },
            {
              "name": "http://www.securityevaluators.com/iphone/",
              "refsource": "MISC",
              "url": "http://www.securityevaluators.com/iphone/"
            },
            {
              "name": "1018439",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018439"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=306174",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=306174"
            },
            {
              "name": "26287",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26287"
            },
            {
              "name": "http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1\u0026adxnnl=1\u0026adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw\u0026oref=slogin",
              "refsource": "MISC",
              "url": "http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1\u0026adxnnl=1\u0026adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw\u0026oref=slogin"
            },
            {
              "name": "ADV-2007-2731",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2731"
            },
            {
              "name": "http://www.securityevaluators.com/iphone/exploitingiphone.pdf",
              "refsource": "MISC",
              "url": "http://www.securityevaluators.com/iphone/exploitingiphone.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3944",
    "datePublished": "2007-07-23T16:00:00",
    "dateReserved": "2007-07-23T00:00:00",
    "dateUpdated": "2024-08-07T14:37:05.370Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-3944\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-07-23T16:30:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone.  NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples desbordamientos de b\u00fafer en la regi\u00f3n heap de la memoria en la biblioteca de Perl Compatible Regular Expressions (PCRE) en el motor de JavaScript en WebKit en Apple Safari versi\u00f3n 3 Beta anterior al Update 3.0.3 y iPhone versiones anteriores a 1.0.1, permiten a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de cierto expresiones regulares de JavaScript. NOTA: este problema se report\u00f3 originalmente solo para MobileSafari en el iPhone. NOTA: no est\u00e1 claro si esto es debido a un problema en la distribuci\u00f3n original de PCRE, que ya podr\u00eda tener un identificador CVE por separado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"},{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A33F900-D405-40A8-A0A5-3C80320FF6E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"461EFB63-7933-488C-BB4E-7C913364F5A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0.0\",\"matchCriteriaId\":\"F1C626E5-6835-41C8-91A3-F4FB0A36DBFD\"}]}]}],\"references\":[{\"url\":\"http://docs.info.apple.com/article.html?artnum=306173\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=306174\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/26287\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1\u0026adxnnl=1\u0026adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw\u0026oref=slogin\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityevaluators.com/iphone/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityevaluators.com/iphone/exploitingiphone.pdf\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/25002\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1018439\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2730\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2731\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35577\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=306173\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=306174\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/26287\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1\u0026adxnnl=1\u0026adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw\u0026oref=slogin\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityevaluators.com/iphone/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityevaluators.com/iphone/exploitingiphone.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/25002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1018439\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2730\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2731\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35577\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

fkie_cve-2007-3944

Vulnerability from fkie_nvd

Published

2007-07-23 16:30

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=306173
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=306174
cve@mitre.org	http://secunia.com/advisories/26287	Vendor Advisory
cve@mitre.org	http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1&adxnnl=1&adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw&oref=slogin
cve@mitre.org	http://www.securityevaluators.com/iphone/
cve@mitre.org	http://www.securityevaluators.com/iphone/exploitingiphone.pdf
cve@mitre.org	http://www.securityfocus.com/bid/25002
cve@mitre.org	http://www.securitytracker.com/id?1018439
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2730	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2731	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/35577
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=306173
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=306174
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26287	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1&adxnnl=1&adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw&oref=slogin
af854a3a-2127-422b-91ae-364da2661108	http://www.securityevaluators.com/iphone/
af854a3a-2127-422b-91ae-364da2661108	http://www.securityevaluators.com/iphone/exploitingiphone.pdf
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25002
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018439
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2730	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2731	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/35577

Impacted products

Vendor	Product	Version
apple	safari	3.0
apple	webkit	*
apple	iphone_os	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A33F900-D405-40A8-A0A5-3C80320FF6E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "461EFB63-7933-488C-BB4E-7C913364F5A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1C626E5-6835-41C8-91A3-F4FB0A36DBFD",
              "versionEndIncluding": "1.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone.  NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer en la regi\u00f3n heap de la memoria en la biblioteca de Perl Compatible Regular Expressions (PCRE) en el motor de JavaScript en WebKit en Apple Safari versi\u00f3n 3 Beta anterior al Update 3.0.3 y iPhone versiones anteriores a 1.0.1, permiten a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de cierto expresiones regulares de JavaScript. NOTA: este problema se report\u00f3 originalmente solo para MobileSafari en el iPhone. NOTA: no est\u00e1 claro si esto es debido a un problema en la distribuci\u00f3n original de PCRE, que ya podr\u00eda tener un identificador CVE por separado."
    }
  ],
  "id": "CVE-2007-3944",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-07-23T16:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://docs.info.apple.com/article.html?artnum=306173"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://docs.info.apple.com/article.html?artnum=306174"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26287"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1\u0026adxnnl=1\u0026adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw\u0026oref=slogin"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityevaluators.com/iphone/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityevaluators.com/iphone/exploitingiphone.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/25002"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018439"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2730"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2731"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35577"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=306173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=306174"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26287"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1\u0026adxnnl=1\u0026adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw\u0026oref=slogin"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityevaluators.com/iphone/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityevaluators.com/iphone/exploitingiphone.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2730"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2731"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35577"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        },
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier. Apple Safari contains a race condition when handling HTTP redirection when updating pages. This can allow a cross-domain violation. Apple WebCore fails to properly serialize headers into an HTTP request, which can cause a cross-domain security violation. The Apple Webkit contains a memory corruption vulnerability.This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. The researchers responsible for discovering this issue have developed exploit code that can steal sensitive information from a vulnerable device and send it to a remote server. Another proof of concept that exploits the same issue can be used to perform physical actions on the phone such as making a sound or setting the phone to vibrate. The researchers have not yet disclosed the complete details of this vulnerability but will do so as part of a presentation for the BlackHat security conference on August 2, 2007. This issue also affects Safari on other platforms including Windows and Mac OS X. The iPhone is a smartphone developed by Capsule Corporation. There are multiple security holes in the implementation of the iPhone, which can lead to malicious operation of the browser or information leakage. Remote attackers may use this vulnerability to control the user system by enticing users to visit malicious web pages.

BETA test the new Secunia Personal Software Inspector!

The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors.

Download the free PSI BETA from the Secunia website: https://psi.secunia.com/

TITLE: Apple iPhone Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA26287

VERIFY ADVISORY: http://secunia.com/advisories/26287/

CRITICAL: Highly critical

IMPACT: Cross Site Scripting, Spoofing, DoS, System access

WHERE:

From remote

OPERATING SYSTEM: Apple iPhone 1.x http://secunia.com/product/15128/

DESCRIPTION: Some vulnerabilities have been reported in Apple iPhone, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, and potentially to compromise a vulnerable system.

Successful exploitation may allow execution of arbitrary code.

3) An HTTP injection issue in XMLHttpRequest can be exploited to inject arbitrary HTTP requests.

For more information see vulnerability #2 in: SA25786

4) An error in WebKit within in the handling of International Domain Name (IDN) support and Unicode fonts embedded in Safari can be exploited to spoof a URL by registering domain names with certain international characters that resembles other commonly used characters.

5) An invalid type conversion when rendering frame sets may allow execution of arbitrary code.

For more information see vulnerability #1 in: SA25786

SOLUTION: Update to version 1.0.1 (downloadable and installable via iTunes).

PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems, Inc. 2) The vendor credits Charlie Miller and Jake Honoroff of Independent Security Evaluators. 3) The vendor credits Richard Moore, Westpoint Ltd. 5) The vendor credits Rhys Kidd, Westnet.

ORIGINAL ADVISORY: http://docs.info.apple.com/article.html?artnum=306173

OTHER REFERENCES: SA25786: http://secunia.com/advisories/25786/

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200707-0129",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "webkit",
        "scope": null,
        "trust": 1.4,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "iphone os",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.0.0"
      },
      {
        "model": "webkit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "*"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "1.0.1"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "3.0.3"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "1.0.0"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.2"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.2"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1"
      },
      {
        "model": "safari beta for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.3"
      },
      {
        "model": "safari beta",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.3"
      },
      {
        "model": "iphone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0.1"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#289988"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845708"
      },
      {
        "db": "CERT/CC",
        "id": "VU#389868"
      },
      {
        "db": "BID",
        "id": "25002"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002391"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-403"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3944"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:safari",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:webkit",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002391"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Charlie Miller, Jake Honoroff, and Joshua Mason discovered this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "25002"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2007-3944",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2007-3944",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-27306",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-3944",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#289988",
            "trust": 0.8,
            "value": "0.47"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845708",
            "trust": 0.8,
            "value": "0.57"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#389868",
            "trust": 0.8,
            "value": "2.55"
          },
          {
            "author": "NVD",
            "id": "CVE-2007-3944",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200707-403",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-27306",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#289988"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845708"
      },
      {
        "db": "CERT/CC",
        "id": "VU#389868"
      },
      {
        "db": "VULHUB",
        "id": "VHN-27306"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002391"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-403"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3944"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone.  NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier. Apple Safari contains a race condition when handling HTTP redirection when updating pages.  This can allow a cross-domain violation. Apple WebCore fails to properly serialize headers into an HTTP request, which can cause a cross-domain security violation. The Apple Webkit contains a memory corruption vulnerability.This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. \nThe researchers responsible for discovering this issue have developed exploit code that can steal sensitive information from a vulnerable device and send it to a remote server.  Another proof of concept that exploits the same issue can be used to perform physical actions on the phone such as making a sound or setting the phone to vibrate.  The researchers have not yet disclosed the complete details of this vulnerability but will do so as part of a presentation for the BlackHat security conference on August 2, 2007. \nThis issue also affects Safari on other platforms including Windows and Mac OS X. The iPhone is a smartphone developed by Capsule Corporation. There are multiple security holes in the implementation of the iPhone, which can lead to malicious operation of the browser or information leakage. Remote attackers may use this vulnerability to control the user system by enticing users to visit malicious web pages. \n\n----------------------------------------------------------------------\n\nBETA test the new Secunia Personal Software Inspector!\n\nThe Secunia PSI detects installed software on your computer and\ncategorises it as either Insecure, End-of-Life, or Up-To-Date. \nEffectively enabling you to focus your attention on software\ninstallations where more secure versions are available from the\nvendors. \n\nDownload the free PSI BETA from the Secunia website:\nhttps://psi.secunia.com/\n\n----------------------------------------------------------------------\n\nTITLE:\nApple iPhone Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA26287\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26287/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nCross Site Scripting, Spoofing, DoS, System access\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nApple iPhone 1.x\nhttp://secunia.com/product/15128/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Apple iPhone, which can be\nexploited by malicious people to conduct cross-site scripting and\nspoofing attacks, and potentially to compromise a vulnerable system. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\n3) An HTTP injection issue in XMLHttpRequest can be exploited to\ninject arbitrary HTTP requests. \n\nFor more information see vulnerability #2 in:\nSA25786\n\n4) An error in WebKit within in the handling of International Domain\nName (IDN) support and Unicode fonts embedded in Safari can be\nexploited to spoof a URL by registering domain names with certain\ninternational characters that resembles other commonly used\ncharacters. \n\n5) An invalid type conversion when rendering frame sets may allow\nexecution of arbitrary code. \n\nFor more information see vulnerability #1 in:\nSA25786\n\nSOLUTION:\nUpdate to version 1.0.1 (downloadable and installable via iTunes). \n\nPROVIDED AND/OR DISCOVERED BY:\n1) The vendor credits Lawrence Lai, Stan Switzer, and Ed Rowe of\nAdobe Systems, Inc. \n2) The vendor credits Charlie Miller and Jake Honoroff of Independent\nSecurity Evaluators. \n3) The vendor credits Richard Moore, Westpoint Ltd. \n5) The vendor credits Rhys Kidd, Westnet. \n\nORIGINAL ADVISORY:\nhttp://docs.info.apple.com/article.html?artnum=306173\n\nOTHER REFERENCES:\nSA25786:\nhttp://secunia.com/advisories/25786/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-3944"
      },
      {
        "db": "CERT/CC",
        "id": "VU#289988"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845708"
      },
      {
        "db": "CERT/CC",
        "id": "VU#389868"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002391"
      },
      {
        "db": "BID",
        "id": "25002"
      },
      {
        "db": "VULHUB",
        "id": "VHN-27306"
      },
      {
        "db": "PACKETSTORM",
        "id": "58223"
      }
    ],
    "trust": 4.23
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "26287",
        "trust": 4.2
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3944",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "25002",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1018439",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2730",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2731",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "25786",
        "trust": 1.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#289988",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845708",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#389868",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002391",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-403",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "35577",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-27306",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58223",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#289988"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845708"
      },
      {
        "db": "CERT/CC",
        "id": "VU#389868"
      },
      {
        "db": "VULHUB",
        "id": "VHN-27306"
      },
      {
        "db": "BID",
        "id": "25002"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002391"
      },
      {
        "db": "PACKETSTORM",
        "id": "58223"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-403"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3944"
      }
    ]
  },
  "id": "VAR-200707-0129",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27306"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:51:31.856000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.apple.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002391"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      },
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27306"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002391"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3944"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "http://docs.info.apple.com/article.html?artnum=306173"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/26287/"
      },
      {
        "trust": 2.0,
        "url": "http://www.securityevaluators.com/iphone/"
      },
      {
        "trust": 2.0,
        "url": "http://www.securityevaluators.com/iphone/exploitingiphone.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/25786/"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/25002"
      },
      {
        "trust": 1.7,
        "url": "http://docs.info.apple.com/article.html?artnum=306174"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1018439"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/26287"
      },
      {
        "trust": 1.6,
        "url": "http://developer.apple.com/opensource/internet/webkit.html"
      },
      {
        "trust": 1.6,
        "url": "http://docs.info.apple.com/article.html?artnum=305759"
      },
      {
        "trust": 1.6,
        "url": "http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1\u0026adxnnl=1\u0026adxnnlx=1185163364-1otsrjvbyllamj17fy2wnw\u0026oref=slogin"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/2730"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/2731"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35577"
      },
      {
        "trust": 0.8,
        "url": "http://www.apple.com/safari/download/"
      },
      {
        "trust": 0.8,
        "url": "http://www.mozilla.org/projects/security/components/same-origin.html"
      },
      {
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=61798"
      },
      {
        "trust": 0.8,
        "url": "http://www.cert.org/tech_tips/securing_browser/#safari"
      },
      {
        "trust": 0.8,
        "url": "http://developer.apple.com/internet/webcontent/xmlhttpreq.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.westpoint.ltd.uk/advisories/wp-07-0002.txt"
      },
      {
        "trust": 0.8,
        "url": "http://webkit.opendarwin.org/"
      },
      {
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2007/jun/msg00004.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3944"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3944"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/35577"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/2731"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/2730"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/iphone/"
      },
      {
        "trust": 0.1,
        "url": "http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1\u0026amp;adxnnl=1\u0026amp;adxnnlx=1185163364-1otsrjvbyllamj17fy2wnw\u0026amp;oref=slogin"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15128/"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#289988"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845708"
      },
      {
        "db": "CERT/CC",
        "id": "VU#389868"
      },
      {
        "db": "VULHUB",
        "id": "VHN-27306"
      },
      {
        "db": "BID",
        "id": "25002"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002391"
      },
      {
        "db": "PACKETSTORM",
        "id": "58223"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-403"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3944"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#289988"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845708"
      },
      {
        "db": "CERT/CC",
        "id": "VU#389868"
      },
      {
        "db": "VULHUB",
        "id": "VHN-27306"
      },
      {
        "db": "BID",
        "id": "25002"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002391"
      },
      {
        "db": "PACKETSTORM",
        "id": "58223"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-403"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3944"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-06-25T00:00:00",
        "db": "CERT/CC",
        "id": "VU#289988"
      },
      {
        "date": "2007-06-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845708"
      },
      {
        "date": "2007-06-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#389868"
      },
      {
        "date": "2007-07-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-27306"
      },
      {
        "date": "2007-07-23T00:00:00",
        "db": "BID",
        "id": "25002"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002391"
      },
      {
        "date": "2007-08-08T04:01:26",
        "db": "PACKETSTORM",
        "id": "58223"
      },
      {
        "date": "2007-07-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200707-403"
      },
      {
        "date": "2007-07-23T16:30:00",
        "db": "NVD",
        "id": "CVE-2007-3944"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-09-21T00:00:00",
        "db": "CERT/CC",
        "id": "VU#289988"
      },
      {
        "date": "2008-09-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845708"
      },
      {
        "date": "2008-06-04T00:00:00",
        "db": "CERT/CC",
        "id": "VU#389868"
      },
      {
        "date": "2017-07-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-27306"
      },
      {
        "date": "2007-08-01T12:45:00",
        "db": "BID",
        "id": "25002"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002391"
      },
      {
        "date": "2007-10-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200707-403"
      },
      {
        "date": "2024-11-21T00:34:25.730000",
        "db": "NVD",
        "id": "CVE-2007-3944"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-403"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Safari cross-domain HTTP redirection race condition",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#289988"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-403"
      }
    ],
    "trust": 0.6
  }
}

ghsa-rqq2-rvvw-7vm3

Vulnerability from github

Published

2022-05-01 18:18

Modified

2025-04-09 03:44

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-3944"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-07-23T16:30:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone.  NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier.",
  "id": "GHSA-rqq2-rvvw-7vm3",
  "modified": "2025-04-09T03:44:22Z",
  "published": "2022-05-01T18:18:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3944"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35577"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=306173"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=306174"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26287"
    },
    {
      "type": "WEB",
      "url": "http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1\u0026adxnnl=1\u0026adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw\u0026oref=slogin"
    },
    {
      "type": "WEB",
      "url": "http://www.securityevaluators.com/iphone"
    },
    {
      "type": "WEB",
      "url": "http://www.securityevaluators.com/iphone/exploitingiphone.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/25002"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018439"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2730"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2731"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2007-AVI-340

Vulnerability from certfr_avis

Plusieurs vulnérabilités ont été identifiées : elles concernent le système d'exploitation Mac OS X. L'exploitation de ces dernières peut avoir des conséquences variées, comme l'exécution de code arbitraire, ou un dysfonctionnement du système vulnérable.

Description

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Mac OS X. Parmi celles-ci :

bzip2 : un nom d'archive malicieusement formé permet l'exécution de code arbitraire à distance ;
CFNetwork : un clic sur une addresse malicieusement formée permet l'exécution de commandes FTP arbitraires à distance ;
CoreAudio : une page Web malicieusement créée permet à l'aide d'une applet Java d'exécuter du code arbitraire à distance;
cscope : des vulnérabilités concernant un dépassement de mémoire et la création de fichiers temporaires dangereux ont été corrigées ;
gnuzip : un nom d'archive malicieusement formé permet l'exécution de code arbitraire à distance ;
iChat : un dépassement de mémoire permet de provoquer un déni de service à distance ou l'exécution de code arbitraire à distance au sein d'un même sous réseau ;
Kerberos : des vulnérabilités pouvant provoquer un déni de service ou l'exécution de code arbitraire à distance ont été corrigées ;
mDNSResponder : un dépassement de mémoire permet de provoquer un déni de service à distance ou l'exécution de code arbitraire à distance au sein d'un même sous réseau ;
PDFKit : l'ouverture d'un document malicieusement créé permet un déni de service de l'application ou l'exécution de code arbitraire ;
PHP : plusieurs vulnérabilités touchant PHP 4.4.4 ont été corrigées ;
Quartz Composer : l'ouverture d'un fichier Quartz malicieusement créé permet un déni de service de l'application ou l'exécution de code arbitraire ;
Samba : lorsque le partage de fichiers Windows est activé, un utilisateur non authentifié peut, à distance, provoquer un déni de service, exécuter du code ou des commandes arbitraires et contourner la politique de sécurité ;
SquirrelMail : plusieurs vulnérabilités dont au moins une permettant une attaque de type cross-site scripting ont été corrigées ;
Tomcat : plusieurs vulnérabilités dont certaines permettant des attaques de type cross-site scripting et l'atteinte à la confidentialité des données ont été corrigées ;
WebCore : des vulnérabilités permettant l'exécution d'applets Java alors que celui-ci est désactivé et permettant la réalisation d'attaques de type cross-site scripting ont été corrigées ;
WebKit : l'ouverture d'une page Web malicieusement créée permet l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple Mac OS X Server v10.3.9 ;
Apple	N/A	Apple Mac OS X Server v10.4.10.
Apple	N/A	Apple Mac OS X v10.4.10 ;
Apple	N/A	Apple Mac OS X v10.3.9 ;

References

Title

Publication Time

gsd-2007-3944

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-3944

Aliases

CVE-2007-3944

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-3944",
    "description": "Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone.  NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier.",
    "id": "GSD-2007-3944"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-3944"
      ],
      "details": "Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone.  NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier.",
      "id": "GSD-2007-3944",
      "modified": "2023-12-13T01:21:42.179528Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-3944",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone.  NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://docs.info.apple.com/article.html?artnum=306173",
            "refsource": "CONFIRM",
            "url": "http://docs.info.apple.com/article.html?artnum=306173"
          },
          {
            "name": "25002",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/25002"
          },
          {
            "name": "iphone-safari-bo(35577)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35577"
          },
          {
            "name": "ADV-2007-2730",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2730"
          },
          {
            "name": "http://www.securityevaluators.com/iphone/",
            "refsource": "MISC",
            "url": "http://www.securityevaluators.com/iphone/"
          },
          {
            "name": "1018439",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018439"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=306174",
            "refsource": "CONFIRM",
            "url": "http://docs.info.apple.com/article.html?artnum=306174"
          },
          {
            "name": "26287",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26287"
          },
          {
            "name": "http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1\u0026adxnnl=1\u0026adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw\u0026oref=slogin",
            "refsource": "MISC",
            "url": "http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1\u0026adxnnl=1\u0026adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw\u0026oref=slogin"
          },
          {
            "name": "ADV-2007-2731",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2731"
          },
          {
            "name": "http://www.securityevaluators.com/iphone/exploitingiphone.pdf",
            "refsource": "MISC",
            "url": "http://www.securityevaluators.com/iphone/exploitingiphone.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3944"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone.  NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                },
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1\u0026adxnnl=1\u0026adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw\u0026oref=slogin",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.nytimes.com/2007/07/23/technology/23iphone.html?_r=1\u0026adxnnl=1\u0026adxnnlx=1185163364-1OTsRJvbylLamj17FY2wnw\u0026oref=slogin"
            },
            {
              "name": "http://www.securityevaluators.com/iphone/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.securityevaluators.com/iphone/"
            },
            {
              "name": "http://www.securityevaluators.com/iphone/exploitingiphone.pdf",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.securityevaluators.com/iphone/exploitingiphone.pdf"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=306173",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://docs.info.apple.com/article.html?artnum=306173"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=306174",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://docs.info.apple.com/article.html?artnum=306174"
            },
            {
              "name": "25002",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/25002"
            },
            {
              "name": "1018439",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018439"
            },
            {
              "name": "26287",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26287"
            },
            {
              "name": "ADV-2007-2731",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2731"
            },
            {
              "name": "ADV-2007-2730",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2730"
            },
            {
              "name": "iphone-safari-bo(35577)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35577"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-07-29T01:32Z",
      "publishedDate": "2007-07-23T16:30Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-3944 (GCVE-0-2007-3944)

Vulnerability from cvelistv5

fkie_cve-2007-3944

Vulnerability from fkie_nvd

var-200707-0129

Vulnerability from variot

ghsa-rqq2-rvvw-7vm3

Vulnerability from github

CERTA-2007-AVI-340

Vulnerability from certfr_avis

Description

Solution

gsd-2007-3944

Vulnerability from gsd

Tags

Sightings

Nomenclature