fkie_nvd - fkie_cve-2014-1369

fkie_cve-2014-1369

Vulnerability from fkie_nvd

Published

2014-07-01 10:17

Modified

2025-04-12 10:46

Severity ?

Summary

WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows user-assisted remote attackers to access file: URLs by leveraging a URL drag operation that originates at a crafted web site.

References

	URL	Tags
	product-security@apple.com	http://archives.neohapsis.com/archives/bugtraq/2014-06/0171.html
	product-security@apple.com	http://www.securitytracker.com/id/1030495
	af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2014-06/0171.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1030495

Impacted products

Vendor	Product	Version
apple	safari	*
apple	safari	6.0
apple	safari	6.0.1
apple	safari	6.0.2
apple	safari	6.0.3
apple	safari	6.0.4
apple	safari	6.0.5
apple	safari	6.1
apple	safari	6.1.1
apple	safari	6.1.2
apple	safari	6.1.3
apple	safari	7.0
apple	safari	7.0.1
apple	safari	7.0.2
apple	safari	7.0.3
apple	safari	7.0.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "36947A2E-93EB-4A44-BFF6-9D9F414D9BB3",
              "versionEndIncluding": "6.1.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BA4B009-6BF2-4174-A05C-77B75C45377C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "136A760D-2873-4216-AB60-E3D93DE82BCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFF3DFE0-2587-4E91-ACC2-45E9B51EF4C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "076B9C00-EFB0-4284-A617-FAEE341F80FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8851ED07-715F-4F6A-AE29-FA95D069F972",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "65EBA204-5E12-429A-9414-400CBAA0BA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A600193-92E3-4A31-824D-94BC87E513B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:6.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74543772-8C0C-4055-BC1E-D7EAA8A55B51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:6.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "77462FFC-4F46-4DE4-BE90-78457B7B4FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:6.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F51B6FF0-D566-4348-8A6D-4F13615D5C49",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D46FE5-10D2-44A0-ACAE-CEED8BD0C30C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "391B4255-4434-4EB3-929B-3E593D9CD249",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "40B87D10-55B3-42E7-8FF6-93EDF003337D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D4EBCD8-9DD5-468E-8B5B-49E38FEBCEC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B8C7AEC-F54A-4843-A0EA-C7DD847BEF5B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows user-assisted remote attackers to access file: URLs by leveraging a URL drag operation that originates at a crafted web site."
    },
    {
      "lang": "es",
      "value": "WebKit en Apple Safari anterior a 6.1.5 y 7.x anterior a 7.0.5 permite a atacantes remotos asistidos por usuario acceder URLs file: mediante el aprovechamiento de una operaci\u00f3n de arrastrar que origina en un sitio web manipulado."
    }
  ],
  "id": "CVE-2014-1369",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-07-01T10:17:27.110",
  "references": [
    {
      "source": "product-security@apple.com",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0171.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securitytracker.com/id/1030495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0171.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030495"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2014-1369 (GCVE-0-2014-1369)

Vulnerability from cvelistv5

Published

2014-07-01 10:00