var-201003-0124
Vulnerability from variot
PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed. Safari is prone to a configuration-bypass weakness that affects the PubSub component of Safari. A successful attack will result in the bypass of intended security settings. This may result in a false sense of security. This issue was previously documented in BID 38671 (Apple Safari Prior to 4.0.5 Multiple Security Vulnerabilities) but has been given its own record to better document it. This issue affect versions prior to Safari 4.0.5 running on Apple Mac OS X, Windows 7, XP, and Vista. NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID: 38674 Apple Safari Prior to 4.0.5 Integer Overflow Vulnerability 35451 LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability 38676 Apple Safari BMP Image Uninitialized Memory Information Disclosure Vulnerability 38677 Apple Safari TIFF Image Uninitialized Memory Information Disclosure Vulnerability 38673 Apple Safari ImageIO TIFF Image Remote Code Execution Vulnerability 38675 Apple Safari Prior to 4.0.5 Configuration Bypass Weakness 38683 Apple Safari URL Schemes Handling Remote Code Execution Vulnerability 38684 WebKit CSS 'format()' Arguments Memory Corruption Vulnerability 38687 WebKit Object Element Fallback Memory Corruption Vulnerability 38688 WebKit XML Document Parsing Memory Corruption Vulnerability 38689 WebKit Right-to-Left Displayed Text Handling Memory Corruption Vulnerability 38685 WebKit Nested HTML Tags Use-After-Free Error Remote Code Execution Vulnerability 38692 WebKit Cross-Origin Stylesheet Request Information Disclosure Vulnerability 38686 WebKit HTML Elements Callback Use-After-Free Error Remote Code Execution Vulnerability 38690 WebKit CSS Display Use-After-Free Error Remote Code Execution Vulnerability 38691 WebKit HTML Image Element Handling Memory Corruption Vulnerability. Safari is the web browser bundled by default in the Apple family machine operating system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201003-0124",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "safari",
"scope": "eq",
"trust": 2.2,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 2.2,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 2.2,
"vendor": "apple",
"version": "4.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "4.0.0b"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "4.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.2,
"vendor": "apple",
"version": "4.0.4"
},
{
"model": "safari",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "4.0.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.4.11"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.4.11"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "4.0.5"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.0.4"
},
{
"model": "safari",
"scope": "ne",
"trust": 0.6,
"vendor": "apple",
"version": "4.0.5"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.0.3"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4"
},
{
"model": "safari beta",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "safari for windows",
"scope": "ne",
"trust": 0.6,
"vendor": "apple",
"version": "4.0.5"
}
],
"sources": [
{
"db": "BID",
"id": "38675"
},
{
"db": "BID",
"id": "38671"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001184"
},
{
"db": "CNNVD",
"id": "CNNVD-201003-183"
},
{
"db": "NVD",
"id": "CVE-2010-0044"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:safari",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001184"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matthew Jurczyk Billy Rios Robert Swiecki robert@swiecki.net wushi wooshi@gmail.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201003-183"
}
],
"trust": 0.6
},
"cve": "CVE-2010-0044",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2010-0044",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-42649",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-0044",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2010-0044",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201003-183",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-42649",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-42649"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001184"
},
{
"db": "CNNVD",
"id": "CNNVD-201003-183"
},
{
"db": "NVD",
"id": "CVE-2010-0044"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed. Safari is prone to a configuration-bypass weakness that affects the PubSub component of Safari. \nA successful attack will result in the bypass of intended security settings. This may result in a false sense of security. \nThis issue was previously documented in BID 38671 (Apple Safari Prior to 4.0.5 Multiple Security Vulnerabilities) but has been given its own record to better document it. \nThis issue affect versions prior to Safari 4.0.5 running on Apple Mac OS X, Windows 7, XP, and Vista. \nNOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID:\n38674 Apple Safari Prior to 4.0.5 Integer Overflow Vulnerability\n35451 LibTIFF \u0027LZWDecodeCompat()\u0027 Remote Buffer Underflow Vulnerability\n38676 Apple Safari BMP Image Uninitialized Memory Information Disclosure Vulnerability\n38677 Apple Safari TIFF Image Uninitialized Memory Information Disclosure Vulnerability\n38673 Apple Safari ImageIO TIFF Image Remote Code Execution Vulnerability\n38675 Apple Safari Prior to 4.0.5 Configuration Bypass Weakness\n38683 Apple Safari URL Schemes Handling Remote Code Execution Vulnerability\n38684 WebKit CSS \u0027format()\u0027 Arguments Memory Corruption Vulnerability\n38687 WebKit Object Element Fallback Memory Corruption Vulnerability\n38688 WebKit XML Document Parsing Memory Corruption Vulnerability\n38689 WebKit Right-to-Left Displayed Text Handling Memory Corruption Vulnerability\n38685 WebKit Nested HTML Tags Use-After-Free Error Remote Code Execution Vulnerability\n38692 WebKit Cross-Origin Stylesheet Request Information Disclosure Vulnerability\n38686 WebKit HTML Elements Callback Use-After-Free Error Remote Code Execution Vulnerability\n38690 WebKit CSS Display Use-After-Free Error Remote Code Execution Vulnerability\n38691 WebKit HTML Image Element Handling Memory Corruption Vulnerability. Safari is the web browser bundled by default in the Apple family machine operating system",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-0044"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001184"
},
{
"db": "BID",
"id": "38675"
},
{
"db": "BID",
"id": "38671"
},
{
"db": "VULHUB",
"id": "VHN-42649"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "38675",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2010-0044",
"trust": 2.8
},
{
"db": "BID",
"id": "38671",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "62937",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001184",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201003-183",
"trust": 0.7
},
{
"db": "APPLE",
"id": "APPLE-SA-2010-03-11-1",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "14628",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-42649",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-42649"
},
{
"db": "BID",
"id": "38675"
},
{
"db": "BID",
"id": "38671"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001184"
},
{
"db": "CNNVD",
"id": "CNNVD-201003-183"
},
{
"db": "NVD",
"id": "CVE-2010-0044"
}
]
},
"id": "VAR-201003-0124",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-42649"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:53:06.123000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT4070",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4070"
},
{
"title": "HT4070",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4070?viewlocale=ja_JP"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001184"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-16",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-42649"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001184"
},
{
"db": "NVD",
"id": "CVE-2010-0044"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/38675"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2010/mar/msg00000.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/38671"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht4070"
},
{
"trust": 1.1,
"url": "http://osvdb.org/62937"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7051"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56830"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0044"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0044"
},
{
"trust": 0.6,
"url": "http://www.apple.com/safari/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/14628"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-42649"
},
{
"db": "BID",
"id": "38675"
},
{
"db": "BID",
"id": "38671"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001184"
},
{
"db": "CNNVD",
"id": "CNNVD-201003-183"
},
{
"db": "NVD",
"id": "CVE-2010-0044"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-42649"
},
{
"db": "BID",
"id": "38675"
},
{
"db": "BID",
"id": "38671"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001184"
},
{
"db": "CNNVD",
"id": "CNNVD-201003-183"
},
{
"db": "NVD",
"id": "CVE-2010-0044"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-03-15T00:00:00",
"db": "VULHUB",
"id": "VHN-42649"
},
{
"date": "2010-03-11T00:00:00",
"db": "BID",
"id": "38675"
},
{
"date": "2010-03-11T00:00:00",
"db": "BID",
"id": "38671"
},
{
"date": "2010-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001184"
},
{
"date": "2010-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201003-183"
},
{
"date": "2010-03-15T13:28:25.467000",
"db": "NVD",
"id": "CVE-2010-0044"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-42649"
},
{
"date": "2010-03-11T00:00:00",
"db": "BID",
"id": "38675"
},
{
"date": "2010-03-12T15:32:00",
"db": "BID",
"id": "38671"
},
{
"date": "2010-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001184"
},
{
"date": "2010-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201003-183"
},
{
"date": "2024-11-21T01:11:24.107000",
"db": "NVD",
"id": "CVE-2010-0044"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "38675"
},
{
"db": "BID",
"id": "38671"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Safari of PubSub In Cookie Vulnerability set",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001184"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "configuration error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201003-183"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.