var-200807-0312
Vulnerability from variot
Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking," a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867. Apple Safari is prone to a vulnerability that allows attackers to set cookies for certain domain extensions. The browser does not have any security provisions to prevent cookies from being set for extensions with embedded dots. Attackers can leverage this issue to set cookies in a manner that could aid in other web-based attacks. Safari 3.1.2 is vulnerable; other versions may also be affected. Safari is the web browser bundled by default in the Apple family machine operating system. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/
TITLE: Apple Safari Cross-Domain Cookie Injection Vulnerability
SECUNIA ADVISORY ID: SA31128
VERIFY ADVISORY: http://secunia.com/advisories/31128/
CRITICAL: Less critical
IMPACT: Security Bypass
WHERE:
From remote
SOFTWARE: Safari 3.x http://secunia.com/product/17989/ Safari for Windows 3.x http://secunia.com/product/17978/
DESCRIPTION: A vulnerability has been discovered in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions. This can e.g. be exploited to fix a session by setting a known session ID in a cookie, which the browser sends to all web sites operating under an affected domain (e.g. co.uk, com.au).
The vulnerability is confirmed in Apple Safari for Windows 3.1.2.
SOLUTION: Do not browse untrusted web sites or follow untrusted links.
PROVIDED AND/OR DISCOVERED BY: kuza55
ORIGINAL ADVISORY: http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA08-350A
Apple Updates for Multiple Vulnerabilities
Original release date: December 15, 2008 Last revised: -- Source: US-CERT
Systems Affected
* Apple Mac OS X versions prior to and including 10.4.11 (Tiger) and 10.5.5 (Leopard)
* Apple Mac OS X Server versions prior to and including 10.4.11 (Tiger) and 10.5.5 (Leopard)
Overview
Apple has released Security Update 2008-008 and Mac OS X version 10.5.6 to correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X Server. Attackers could exploit these vulnerabilities to execute arbitrary code, gain access to sensitive information, or cause a denial of service.
I. Description
Apple Security Update 2008-008 and Apple Mac OS X version 10.5.6 address a number of vulnerabilities affecting Apple Mac OS X and Mac OS X Server versions prior to and including 10.4.11 and 10.5.5. The update also addresses vulnerabilities in other vendors' products that ship with Apple Mac OS X or Mac OS X Server.
II. Impact
The impacts of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, denial of service, or privilege escalation.
III. Solution
Install Apple Security Update 2008-008 or Apple Mac OS X version 10.5.6. These and other updates are available via Software Update or via Apple Downloads.
IV. References
-
Securing Your Web Browser - http://www.us-cert.gov/reading_room/securing_browser/
-
About the security content of Security Update 2008-008 / Mac OS X v10.5.6 - https://support.apple.com/kb/HT3338
-
Mac OS X: Updating your software - https://support.apple.com/kb/HT1338?viewlocale=en_US
-
Apple Downloads - http://support.apple.com/downloads/
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA08-350A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA08-350A Feedback VU#901332" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
December 15, 2008: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSUbT5nIHljM+H4irAQLfMggAvH7VNoR3th5dBLhuq/f43ka1G5cecyAK g4gucF6+frxTfsVz2FGbawFdD/sAxAb/CnASFIkbuHItPwI526uy8MjXOmi/kYm2 ESZgD8U0OBtb2mqQRfhURz9sF97yVFhvHAZS3VOOCH85d1R6dr4ncxIWMGn2cgon Cjlll1WTx2BuMZO/AFn2UM7OooV9VVXtMht9D48X7i9bCWoU2W0mFSCHr+bJPE3d fI8v9+kyCQnjB3R9J+eGxmFClXl9PeMxOvsjPh/bQ8PpmAYMCH1Qp7vaSjjqSlVE ljRuyK8e6TIirse/RoK0YOwqBWudpgyJZvsV89ft9v55+a0l+2UlJw== =yvkk -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200807-0312",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "safari",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "*"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.4.11"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5 to v10.5.5"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.4.11"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5 to v10.5.5"
},
{
"model": "safari",
"scope": null,
"trust": 0.6,
"vendor": "apple",
"version": null
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
}
],
"sources": [
{
"db": "BID",
"id": "30192"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002210"
},
{
"db": "CNNVD",
"id": "CNNVD-200807-230"
},
{
"db": "NVD",
"id": "CVE-2008-3170"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-002210"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kuza55",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200807-230"
}
],
"trust": 0.6
},
"cve": "CVE-2008-3170",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2008-3170",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-33295",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-3170",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2008-3170",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200807-230",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-33295",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33295"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002210"
},
{
"db": "CNNVD",
"id": "CNNVD-200807-230"
},
{
"db": "NVD",
"id": "CVE-2008-3170"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user\u0027s HTTP session, aka \"Cross-Site Cooking,\" a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867. Apple Safari is prone to a vulnerability that allows attackers to set cookies for certain domain extensions. \nThe browser does not have any security provisions to prevent cookies from being set for extensions with embedded dots. Attackers can leverage this issue to set cookies in a manner that could aid in other web-based attacks. \nSafari 3.1.2 is vulnerable; other versions may also be affected. Safari is the web browser bundled by default in the Apple family machine operating system. ----------------------------------------------------------------------\n\nWant a new job?\n\nhttp://secunia.com/secunia_security_specialist/\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\nInternational Partner Manager - Project Sales in the IT-Security\nIndustry:\nhttp://corporate.secunia.com/about_secunia/64/\n\n----------------------------------------------------------------------\n\nTITLE:\nApple Safari Cross-Domain Cookie Injection Vulnerability\n\nSECUNIA ADVISORY ID:\nSA31128\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/31128/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nSafari 3.x\nhttp://secunia.com/product/17989/\nSafari for Windows 3.x\nhttp://secunia.com/product/17978/\n\nDESCRIPTION:\nA vulnerability has been discovered in Apple Safari, which can be\nexploited by malicious people to bypass certain security\nrestrictions. This can e.g. be\nexploited to fix a session by setting a known session ID in a cookie,\nwhich the browser sends to all web sites operating under an affected\ndomain (e.g. co.uk, com.au). \n\nThe vulnerability is confirmed in Apple Safari for Windows 3.1.2. \n\nSOLUTION:\nDo not browse untrusted web sites or follow untrusted links. \n\nPROVIDED AND/OR DISCOVERED BY:\nkuza55\n\nORIGINAL ADVISORY:\nhttp://kuza55.blogspot.com/2008/07/some-random-safari-notes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n National Cyber Alert System\n\n Technical Cyber Security Alert TA08-350A\n\n\nApple Updates for Multiple Vulnerabilities\n\n Original release date: December 15, 2008\n Last revised: --\n Source: US-CERT\n\n\nSystems Affected\n\n * Apple Mac OS X versions prior to and including 10.4.11 (Tiger) and 10.5.5 (Leopard)\n * Apple Mac OS X Server versions prior to and including 10.4.11 (Tiger) and 10.5.5 (Leopard)\n\n\nOverview\n\n Apple has released Security Update 2008-008 and Mac OS X version\n 10.5.6 to correct multiple vulnerabilities affecting Apple Mac OS X\n and Mac OS X Server. Attackers could exploit these vulnerabilities\n to execute arbitrary code, gain access to sensitive information, or\n cause a denial of service. \n\n\nI. Description\n\n Apple Security Update 2008-008 and Apple Mac OS X version 10.5.6\n address a number of vulnerabilities affecting Apple Mac OS X and\n Mac OS X Server versions prior to and including 10.4.11 and 10.5.5. \n The update also addresses vulnerabilities in other vendors\u0027\n products that ship with Apple Mac OS X or Mac OS X Server. \n\n\nII. Impact\n\n The impacts of these vulnerabilities vary. Potential consequences\n include arbitrary code execution, sensitive information disclosure,\n denial of service, or privilege escalation. \n\n\nIII. Solution\n\n Install Apple Security Update 2008-008 or Apple Mac OS X version\n 10.5.6. These and other updates are available via Software Update\n or via Apple Downloads. \n\n\nIV. References\n\n * Securing Your Web Browser -\n \u003chttp://www.us-cert.gov/reading_room/securing_browser/\u003e\n\n * About the security content of Security Update 2008-008 / Mac OS X\n v10.5.6 -\n \u003chttps://support.apple.com/kb/HT3338\u003e\n\n * Mac OS X: Updating your software -\n \u003chttps://support.apple.com/kb/HT1338?viewlocale=en_US\u003e\n\n * Apple Downloads - \u003chttp://support.apple.com/downloads/\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA08-350A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA08-350A Feedback VU#901332\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2008 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n December 15, 2008: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSUbT5nIHljM+H4irAQLfMggAvH7VNoR3th5dBLhuq/f43ka1G5cecyAK\ng4gucF6+frxTfsVz2FGbawFdD/sAxAb/CnASFIkbuHItPwI526uy8MjXOmi/kYm2\nESZgD8U0OBtb2mqQRfhURz9sF97yVFhvHAZS3VOOCH85d1R6dr4ncxIWMGn2cgon\nCjlll1WTx2BuMZO/AFn2UM7OooV9VVXtMht9D48X7i9bCWoU2W0mFSCHr+bJPE3d\nfI8v9+kyCQnjB3R9J+eGxmFClXl9PeMxOvsjPh/bQ8PpmAYMCH1Qp7vaSjjqSlVE\nljRuyK8e6TIirse/RoK0YOwqBWudpgyJZvsV89ft9v55+a0l+2UlJw==\n=yvkk\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-3170"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002210"
},
{
"db": "BID",
"id": "30192"
},
{
"db": "VULHUB",
"id": "VHN-33295"
},
{
"db": "PACKETSTORM",
"id": "68437"
},
{
"db": "PACKETSTORM",
"id": "73037"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "30192",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2008-3170",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "31128",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA08-350A",
"trust": 2.6
},
{
"db": "VUPEN",
"id": "ADV-2008-3444",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1020539",
"trust": 2.5
},
{
"db": "XF",
"id": "43839",
"trust": 1.4
},
{
"db": "USCERT",
"id": "SA08-350A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002210",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200807-230",
"trust": 0.7
},
{
"db": "MISC",
"id": "HTTP://KUZA55.BLOGSPOT.COM/2008/07/SOME-RANDOM-SAFARI-NOTES.HTML",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "TA08-350A",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2008-12-15",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-33295",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "68437",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "73037",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33295"
},
{
"db": "BID",
"id": "30192"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002210"
},
{
"db": "PACKETSTORM",
"id": "68437"
},
{
"db": "PACKETSTORM",
"id": "73037"
},
{
"db": "CNNVD",
"id": "CNNVD-200807-230"
},
{
"db": "NVD",
"id": "CVE-2008-3170"
}
]
},
"id": "VAR-200807-0312",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-33295"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:28:33.778000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT3338",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT3338"
},
{
"title": "HT3338",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT3338?viewlocale=ja_JP"
},
{
"title": "TA08-350A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta08-350a.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-002210"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33295"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002210"
},
{
"db": "NVD",
"id": "CVE-2008-3170"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/30192"
},
{
"trust": 2.5,
"url": "http://www.us-cert.gov/cas/techalerts/ta08-350a.html"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/31128"
},
{
"trust": 2.1,
"url": "http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html"
},
{
"trust": 1.9,
"url": "http://www.vupen.com/english/advisories/2008/3444"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce//2008//dec/msg00000.html"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht3338"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1020539"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/43839"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43839"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3170"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta08-350a/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta08-350a"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3170"
},
{
"trust": 0.8,
"url": "http://securitytracker.com/id?1020539"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa08-350a.html"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/3444"
},
{
"trust": 0.3,
"url": "http://www.apple.com/safari/"
},
{
"trust": 0.3,
"url": "http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_specialist/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/31128/"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/about_secunia/64/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/17978/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/17989/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht3338\u003e"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht1338?viewlocale=en_us\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta08-350a.html\u003e"
},
{
"trust": 0.1,
"url": "http://support.apple.com/downloads/\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/reading_room/securing_browser/\u003e"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33295"
},
{
"db": "BID",
"id": "30192"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002210"
},
{
"db": "PACKETSTORM",
"id": "68437"
},
{
"db": "PACKETSTORM",
"id": "73037"
},
{
"db": "CNNVD",
"id": "CNNVD-200807-230"
},
{
"db": "NVD",
"id": "CVE-2008-3170"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-33295"
},
{
"db": "BID",
"id": "30192"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-002210"
},
{
"db": "PACKETSTORM",
"id": "68437"
},
{
"db": "PACKETSTORM",
"id": "73037"
},
{
"db": "CNNVD",
"id": "CNNVD-200807-230"
},
{
"db": "NVD",
"id": "CVE-2008-3170"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-07-14T00:00:00",
"db": "VULHUB",
"id": "VHN-33295"
},
{
"date": "2008-07-12T00:00:00",
"db": "BID",
"id": "30192"
},
{
"date": "2009-01-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-002210"
},
{
"date": "2008-07-23T22:36:39",
"db": "PACKETSTORM",
"id": "68437"
},
{
"date": "2008-12-16T00:25:46",
"db": "PACKETSTORM",
"id": "73037"
},
{
"date": "2008-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200807-230"
},
{
"date": "2008-07-14T23:41:00",
"db": "NVD",
"id": "CVE-2008-3170"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-33295"
},
{
"date": "2008-12-17T20:11:00",
"db": "BID",
"id": "30192"
},
{
"date": "2009-01-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-002210"
},
{
"date": "2009-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200807-230"
},
{
"date": "2024-11-21T00:48:37.037000",
"db": "NVD",
"id": "CVE-2008-3170"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200807-230"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Safari In HTTP Session hijack vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-002210"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200807-230"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…