Lucene search

MitreCVE-2007-3756

HistorySep 27, 2007 - 9:17 p.m.

CVE-2007-3756

2007-09-2721:17:00

CWE-200

mitre

web.nvd.nist.gov

cve-2007-3756

safari

apple iphone

web security

remote attack

sensitive information disclosure

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

High

EPSS

0.021

Percentile

89.3%

JSON

Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to obtain sensitive information via a crafted web page that identifies the URL of the parent window, even when the parent window is in a different domain.

Affected configurations

Nvd

Node

appleiphone_osMatch1.1.1

AND

applesafari

Node

applemac_os_xMatch10.4

applemac_os_xMatch10.4.1

applemac_os_xMatch10.4.2

applemac_os_xMatch10.4.3

applemac_os_xMatch10.4.4

applemac_os_xMatch10.4.5

applemac_os_xMatch10.4.6

applemac_os_xMatch10.4.7

applemac_os_xMatch10.4.8

applemac_os_xMatch10.4.9

applemac_os_xMatch10.4.10

microsoftwindows_vista

microsoftwindows_xp

AND

applesafariRange≤3.0.3

VendorProductVersionCPE
appleiphone_os1.1.1cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
applesafari*cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
applemac_os_x10.4cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*
applemac_os_x10.4.1cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*
applemac_os_x10.4.2cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*
applemac_os_x10.4.3cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*
applemac_os_x10.4.4cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*
applemac_os_x10.4.5cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*
applemac_os_x10.4.6cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*
applemac_os_x10.4.7cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	iphone_os	1.1.1	cpe:2.3:o:apple:iphone_os:1.1.1:::::::*
apple	safari	*	cpe:2.3:a:apple:safari::::::::
apple	mac_os_x	10.4	cpe:2.3:o:apple:mac_os_x:10.4:::::::*
apple	mac_os_x	10.4.1	cpe:2.3:o:apple:mac_os_x:10.4.1:::::::*
apple	mac_os_x	10.4.2	cpe:2.3:o:apple:mac_os_x:10.4.2:::::::*
apple	mac_os_x	10.4.3	cpe:2.3:o:apple:mac_os_x:10.4.3:::::::*
apple	mac_os_x	10.4.4	cpe:2.3:o:apple:mac_os_x:10.4.4:::::::*
apple	mac_os_x	10.4.5	cpe:2.3:o:apple:mac_os_x:10.4.5:::::::*
apple	mac_os_x	10.4.6	cpe:2.3:o:apple:mac_os_x:10.4.6:::::::*
apple	mac_os_x	10.4.7	cpe:2.3:o:apple:mac_os_x:10.4.7:::::::*

Rows per page:

1-10 of 151

References

docs.info.apple.com/article.html?artnum=306586

docs.info.apple.com/article.html?artnum=307041

lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html

lists.apple.com/archives/security-announce/2007/Sep/msg00001.html

secunia.com/advisories/26983

secunia.com/advisories/27643

securitytracker.com/id?1018752

www.securityfocus.com/bid/25859

www.securityfocus.com/bid/26444

www.us-cert.gov/cas/techalerts/TA07-319A.html

www.vupen.com/english/advisories/2007/3287

www.vupen.com/english/advisories/2007/3868

exchange.xforce.ibmcloud.com/vulnerabilities/36855

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

High

EPSS

0.021

Percentile

89.3%

JSON

Related for CVE-2007-3756