Lucene search
AppleCVE-2011-0161HistoryMar 11, 2011 - 10:55 p.m.
CVE-2011-0161
2011-03-1122:55:02
CWE-264
CWE-20
apple
web.nvd.nist.gov
32
cve-2011-0161
webkit
safari
ios
same origin policy
css injection
vulnerability
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
8
Confidence
Low
EPSS
0.005
Percentile
76.5%
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site.
Affected configurations
Node
applesafariRange≤5.0.3
ORapplesafariMatch1.0
ORapplesafariMatch1.0beta
ORapplesafariMatch1.0beta2
ORapplesafariMatch1.0.0
ORapplesafariMatch1.0.0b1
ORapplesafariMatch1.0.0b2
ORapplesafariMatch1.0.1
ORapplesafariMatch1.0.2
ORapplesafariMatch1.0.3
ORapplesafariMatch1.0.385.8
ORapplesafariMatch1.0.385.8.1
ORapplesafariMatch1.1
ORapplesafariMatch1.1.0
ORapplesafariMatch1.1.1
ORapplesafariMatch1.2
ORapplesafariMatch1.2.0
ORapplesafariMatch1.2.1
ORapplesafariMatch1.2.2
ORapplesafariMatch1.2.3
ORapplesafariMatch1.2.4
ORapplesafariMatch1.2.5
ORapplesafariMatch1.3
ORapplesafariMatch1.3.0
ORapplesafariMatch1.3.1
ORapplesafariMatch1.3.2
ORapplesafariMatch1.3.2312.5
ORapplesafariMatch1.3.2312.6
ORapplesafariMatch2
ORapplesafariMatch2.0
ORapplesafariMatch2.0.0
ORapplesafariMatch2.0.1
ORapplesafariMatch2.0.2
ORapplesafariMatch2.0.3
ORapplesafariMatch2.0.3417.8
ORapplesafariMatch2.0.3417.9
ORapplesafariMatch2.0.3417.9.2
ORapplesafariMatch2.0.3417.9.3
ORapplesafariMatch2.0.4
ORapplesafariMatch3
ORapplesafariMatch3.0
ORapplesafariMatch3.0.0
ORapplesafariMatch3.0.0b
ORapplesafariMatch3.0.1
ORapplesafariMatch3.0.1b
ORapplesafariMatch3.0.2
ORapplesafariMatch3.0.2b
ORapplesafariMatch3.0.3
ORapplesafariMatch3.0.3b
ORapplesafariMatch3.0.4
ORapplesafariMatch3.0.4b
ORapplesafariMatch3.1.0
ORapplesafariMatch3.1.0b
ORapplesafariMatch3.1.1
ORapplesafariMatch3.1.2
ORapplesafariMatch3.2.0
ORapplesafariMatch3.2.1
ORapplesafariMatch3.2.2
ORapplesafariMatch4.1
ORapplesafariMatch4.1.1
ORapplesafariMatch4.1.2
ORapplesafariMatch5.0
ORapplesafariMatch5.0.1
ORapplesafariMatch5.0.2
ORapplewebkit
Node
applewebkit
ORappleiphone_osRange≤4.2
ORappleiphone_osMatch1.0.0
ORappleiphone_osMatch1.0.1
ORappleiphone_osMatch1.0.2
ORappleiphone_osMatch1.1.0
ORappleiphone_osMatch1.1.1
ORappleiphone_osMatch1.1.2
ORappleiphone_osMatch1.1.3
ORappleiphone_osMatch1.1.4
ORappleiphone_osMatch1.1.5
ORappleiphone_osMatch2.0
ORappleiphone_osMatch2.0.0
ORappleiphone_osMatch2.0.1
ORappleiphone_osMatch2.0.2
ORappleiphone_osMatch2.1
ORappleiphone_osMatch2.1.1
ORappleiphone_osMatch2.2
ORappleiphone_osMatch2.2.1
ORappleiphone_osMatch3.0
ORappleiphone_osMatch3.0.1
ORappleiphone_osMatch3.1
ORappleiphone_osMatch3.1.2
ORappleiphone_osMatch3.1.3
ORappleiphone_osMatch3.2
ORappleiphone_osMatch3.2.1
ORappleiphone_osMatch3.2.2
ORappleiphone_osMatch4.0
ORappleiphone_osMatch4.0.1
ORappleiphone_osMatch4.0.2
ORappleiphone_osMatch4.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| apple | safari | * | cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* |
| apple | safari | 1.0 | cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:* |
| apple | safari | 1.0 | cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:* |
| apple | safari | 1.0 | cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:* |
| apple | safari | 1.0.0 | cpe:2.3:a:apple:safari:1.0.0:*:*:*:*:*:*:* |
| apple | safari | 1.0.0b1 | cpe:2.3:a:apple:safari:1.0.0b1:*:*:*:*:*:*:* |
| apple | safari | 1.0.0b2 | cpe:2.3:a:apple:safari:1.0.0b2:*:*:*:*:*:*:* |
| apple | safari | 1.0.1 | cpe:2.3:a:apple:safari:1.0.1:*:*:*:*:*:*:* |
| apple | safari | 1.0.2 | cpe:2.3:a:apple:safari:1.0.2:*:*:*:*:*:*:* |
| apple | safari | 1.0.3 | cpe:2.3:a:apple:safari:1.0.3:*:*:*:*:*:*:* |
References
lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
support.apple.com/kb/HT4564
support.apple.com/kb/HT4566
www.securityfocus.com/bid/46814
www.securitytracker.com/id?1025182
exchange.xforce.ibmcloud.com/vulnerabilities/66000
Related
ubuntucve
ubuntucve
CVE-2011-0161
2011-03-11 00:00:00
cvelist
cvelist
CVE-2011-0161
2011-03-11 22:00:00
prion
prion
Design/Logic Flaw
2011-03-11 22:55:00
nvd
nvd
CVE-2011-0161
2011-03-11 22:55:02
openvas
openvas
Apple Safari Webkit Multiple Vulnerabilities (Mar 2011)
2011-03-22 00:00:00
Apple Safari Webkit Multiple Vulnerabilities - March 2011
2011-03-22 00:00:00
Apple Safari Multiple Vulnerabilities - March 2011 (Mac OS X)
2011-08-12 00:00:00
nessus
nessus
Mac OS X : Apple Safari < 5.0.4
2011-03-10 00:00:00
Safari < 5.0.4 Multiple Vulnerabilities
2011-03-10 00:00:00
securityvulns
securityvulns
Apple WebKit / Safari / iTunes / libtiff / Google Chrome multiple security vulnerabilities
2011-03-16 00:00:00
About the security content of Safari 5.0.4
2011-03-15 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
8
Confidence
Low
EPSS
0.005
Percentile
76.5%
Related for CVE-2011-0161