Lucene search

MitreCVE-2006-1987

HistoryApr 21, 2006 - 10:02 p.m.

CVE-2006-1987

2006-04-2122:02:00

mitre

web.nvd.nist.gov

cve-2006-1987

apple safari

denial of service

code execution

invalid frame tag

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

High

EPSS

0.799

Percentile

98.3%

JSON

Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag, possibly due to (1) multiple SCROLLING attributes with no values, or (2) a SRC attribute with no value. NOTE: due to lack of diagnosis by the researcher, it is unclear which vector is responsible.

Affected configurations

Nvd

Node

applesafariMatch2.0

applesafariMatch2.0.1

applesafariMatch2.0.2

applesafariMatch2.0.3

VendorProductVersionCPE
applesafari2.0cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*
applesafari2.0.1cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*
applesafari2.0.2cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*
applesafari2.0.3cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	safari	2.0	cpe:2.3:a:apple:safari:2.0:::::::*
apple	safari	2.0.1	cpe:2.3:a:apple:safari:2.0.1:::::::*
apple	safari	2.0.2	cpe:2.3:a:apple:safari:2.0.2:::::::*
apple	safari	2.0.3	cpe:2.3:a:apple:safari:2.0.3:::::::*

References

secunia.com/advisories/19686

security-protocols.com/poc/sp-x26-4.html

www.security-protocols.com/sp-x26-advisory.php

www.securityfocus.com/bid/17634

www.vupen.com/english/advisories/2006/1452

exchange.xforce.ibmcloud.com/vulnerabilities/25946

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

High

EPSS

0.799

Percentile

98.3%

JSON

Related for CVE-2006-1987