Vulnerability-Lookup

CVE-2007-2399 (GCVE-0-2007-2399)

Vulnerability from cvelistv5 – Published: 2007-06-25 19:00 – Updated: 2024-08-07 13:33

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2007/2316	vdb-entryx_refsource_VUPEN
	http://docs.info.apple.com/article.html?artnum=306173	x_refsource_CONFIRM
	http://lists.apple.com/archives/Security-announce…	vendor-advisoryx_refsource_APPLE
	http://secunia.com/advisories/25786	third-party-advisoryx_refsource_SECUNIA
	http://osvdb.org/36130	vdb-entryx_refsource_OSVDB
	http://osvdb.org/36450	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/bid/24597	vdb-entryx_refsource_BID
	http://secunia.com/advisories/26287	third-party-advisoryx_refsource_SECUNIA
	http://docs.info.apple.com/article.html?artnum=305759	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.vupen.com/english/advisories/2007/2731	vdb-entryx_refsource_VUPEN
	http://www.kb.cert.org/vuls/id/389868	third-party-advisoryx_refsource_CERT-VN
	http://www.securitytracker.com/id?1018281	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2007/2296	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:33:28.766Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-2316",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2316"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=306173"
          },
          {
            "name": "APPLE-SA-2007-06-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html"
          },
          {
            "name": "25786",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25786"
          },
          {
            "name": "36130",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/36130"
          },
          {
            "name": "36450",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/36450"
          },
          {
            "name": "24597",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24597"
          },
          {
            "name": "26287",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26287"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=305759"
          },
          {
            "name": "macos-framesets-code-execution(35019)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35019"
          },
          {
            "name": "ADV-2007-2731",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2731"
          },
          {
            "name": "VU#389868",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/389868"
          },
          {
            "name": "1018281",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018281"
          },
          {
            "name": "ADV-2007-2296",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2296"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an \"invalid type conversion\", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-2316",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2316"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=306173"
        },
        {
          "name": "APPLE-SA-2007-06-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html"
        },
        {
          "name": "25786",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25786"
        },
        {
          "name": "36130",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/36130"
        },
        {
          "name": "36450",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/36450"
        },
        {
          "name": "24597",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24597"
        },
        {
          "name": "26287",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26287"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=305759"
        },
        {
          "name": "macos-framesets-code-execution(35019)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35019"
        },
        {
          "name": "ADV-2007-2731",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2731"
        },
        {
          "name": "VU#389868",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/389868"
        },
        {
          "name": "1018281",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018281"
        },
        {
          "name": "ADV-2007-2296",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2296"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2399",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an \"invalid type conversion\", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-2316",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2316"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=306173",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=306173"
            },
            {
              "name": "APPLE-SA-2007-06-22",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html"
            },
            {
              "name": "25786",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25786"
            },
            {
              "name": "36130",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/36130"
            },
            {
              "name": "36450",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/36450"
            },
            {
              "name": "24597",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24597"
            },
            {
              "name": "26287",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26287"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=305759",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=305759"
            },
            {
              "name": "macos-framesets-code-execution(35019)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35019"
            },
            {
              "name": "ADV-2007-2731",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2731"
            },
            {
              "name": "VU#389868",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/389868"
            },
            {
              "name": "1018281",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018281"
            },
            {
              "name": "ADV-2007-2296",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2296"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2399",
    "datePublished": "2007-06-25T19:00:00",
    "dateReserved": "2007-04-30T00:00:00",
    "dateUpdated": "2024-08-07T13:33:28.766Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-2399\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-06-25T19:30:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an \\\"invalid type conversion\\\", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.\"},{\"lang\":\"es\",\"value\":\"WebKit en Apple Mac OS X versiones 10.3.9, 10.4.9 y posteriores, y iPhone versiones anteriores a 1.0.1, realiza una \\\"invalid type conversion\\\", que permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de conjuntos de tramas no especificados que desencadenan una corrupci\u00f3n de memoria.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0\",\"matchCriteriaId\":\"6095A36B-BE17-4F65-81E6-2CAFACDF9577\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC6931D5-DE7E-41F6-ADDC-AB5A8A167F69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"786BB737-EA99-4EC6-B742-0C35BF2453F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8923EE1A-DD48-4EC8-8698-A33093FD709C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3029892E-1375-4F40-83D3-A51BDC4E9840\"}]}]}],\"references\":[{\"url\":\"http://docs.info.apple.com/article.html?artnum=305759\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=306173\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/36130\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/36450\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25786\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26287\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/389868\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/24597\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1018281\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2296\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2316\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2731\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35019\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=305759\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=306173\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/36130\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/36450\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25786\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/26287\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/389868\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/24597\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1018281\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2296\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2316\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2731\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35019\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-200706-0347

Vulnerability from variot - Updated: 2025-04-10 22:26

WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption. Apple Safari contains a race condition when handling HTTP redirection when updating pages. This can allow a cross-domain violation. Apple WebCore fails to properly serialize headers into an HTTP request, which can cause a cross-domain security violation. An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document. The iPhone is a smartphone developed by Capsule Corporation. There are multiple security holes in the implementation of the iPhone, which can lead to malicious operation of the browser or information leakage. The specific vulnerability entries are as follows: * CVE-2007-2399 WebKit software package has a vulnerability in processing invalid type conversion when generating web pages.

BETA test the new Secunia Personal Software Inspector!

The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors.

Download the free PSI BETA from the Secunia website: https://psi.secunia.com/

TITLE: Apple iPhone Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA26287

VERIFY ADVISORY: http://secunia.com/advisories/26287/

CRITICAL: Highly critical

IMPACT: Cross Site Scripting, Spoofing, DoS, System access

WHERE:

From remote

OPERATING SYSTEM: Apple iPhone 1.x http://secunia.com/product/15128/

DESCRIPTION: Some vulnerabilities have been reported in Apple iPhone, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, and potentially to compromise a vulnerable system.

2) A boundary error in the Perl Compatible Regular Expressions (PCRE) library used by the Javascript engine in Safari can be exploited to cause a heap-based buffer overflow when a user visits a malicious web page.

3) An HTTP injection issue in XMLHttpRequest can be exploited to inject arbitrary HTTP requests.

For more information see vulnerability #2 in: SA25786

4) An error in WebKit within in the handling of International Domain Name (IDN) support and Unicode fonts embedded in Safari can be exploited to spoof a URL by registering domain names with certain international characters that resembles other commonly used characters.

For more information see vulnerability #1 in: SA25786

SOLUTION: Update to version 1.0.1 (downloadable and installable via iTunes).

PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems, Inc. 2) The vendor credits Charlie Miller and Jake Honoroff of Independent Security Evaluators. 3) The vendor credits Richard Moore, Westpoint Ltd. 5) The vendor credits Rhys Kidd, Westnet.

ORIGINAL ADVISORY: http://docs.info.apple.com/article.html?artnum=306173

OTHER REFERENCES: SA25786: http://secunia.com/advisories/25786/

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200706-0347",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "apple",
        "version": "10.3.9"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.4.9"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.9"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.4.9"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.4.9 and later"
      },
      {
        "model": "iphone",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "1.0.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "model": "open source project webkit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webkit",
        "version": "0"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "mobile safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1"
      },
      {
        "model": "safari beta for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.2"
      },
      {
        "model": "iphone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0.1"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#289988"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845708"
      },
      {
        "db": "CERT/CC",
        "id": "VU#389868"
      },
      {
        "db": "BID",
        "id": "24597"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001941"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-402"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2399"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:apple:iphone",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001941"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rhys Kidd is credited with discovering this vulnerability.",
    "sources": [
      {
        "db": "BID",
        "id": "24597"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2007-2399",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2007-2399",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-25761",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-2399",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#289988",
            "trust": 0.8,
            "value": "0.47"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#845708",
            "trust": 0.8,
            "value": "0.57"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#389868",
            "trust": 0.8,
            "value": "2.55"
          },
          {
            "author": "NVD",
            "id": "CVE-2007-2399",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200706-402",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-25761",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#289988"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845708"
      },
      {
        "db": "CERT/CC",
        "id": "VU#389868"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25761"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001941"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-402"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2399"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an \"invalid type conversion\", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption. Apple Safari contains a race condition when handling HTTP redirection when updating pages.  This can allow a cross-domain violation. Apple WebCore fails to properly serialize headers into an HTTP request, which can cause a cross-domain security violation. \nAn attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document. The iPhone is a smartphone developed by Capsule Corporation. There are multiple security holes in the implementation of the iPhone, which can lead to malicious operation of the browser or information leakage. The specific vulnerability entries are as follows: * CVE-2007-2399 WebKit software package has a vulnerability in processing invalid type conversion when generating web pages. \n\n----------------------------------------------------------------------\n\nBETA test the new Secunia Personal Software Inspector!\n\nThe Secunia PSI detects installed software on your computer and\ncategorises it as either Insecure, End-of-Life, or Up-To-Date. \nEffectively enabling you to focus your attention on software\ninstallations where more secure versions are available from the\nvendors. \n\nDownload the free PSI BETA from the Secunia website:\nhttps://psi.secunia.com/\n\n----------------------------------------------------------------------\n\nTITLE:\nApple iPhone Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA26287\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26287/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nCross Site Scripting, Spoofing, DoS, System access\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nApple iPhone 1.x\nhttp://secunia.com/product/15128/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Apple iPhone, which can be\nexploited by malicious people to conduct cross-site scripting and\nspoofing attacks, and potentially to compromise a vulnerable system. \n\n2) A boundary error in the Perl Compatible Regular Expressions (PCRE)\nlibrary used by the Javascript engine in Safari can be exploited to\ncause a heap-based buffer overflow when a user visits a malicious web\npage. \n\n3) An HTTP injection issue in XMLHttpRequest can be exploited to\ninject arbitrary HTTP requests. \n\nFor more information see vulnerability #2 in:\nSA25786\n\n4) An error in WebKit within in the handling of International Domain\nName (IDN) support and Unicode fonts embedded in Safari can be\nexploited to spoof a URL by registering domain names with certain\ninternational characters that resembles other commonly used\ncharacters. \n\nFor more information see vulnerability #1 in:\nSA25786\n\nSOLUTION:\nUpdate to version 1.0.1 (downloadable and installable via iTunes). \n\nPROVIDED AND/OR DISCOVERED BY:\n1) The vendor credits Lawrence Lai, Stan Switzer, and Ed Rowe of\nAdobe Systems, Inc. \n2) The vendor credits Charlie Miller and Jake Honoroff of Independent\nSecurity Evaluators. \n3) The vendor credits Richard Moore, Westpoint Ltd. \n5) The vendor credits Rhys Kidd, Westnet. \n\nORIGINAL ADVISORY:\nhttp://docs.info.apple.com/article.html?artnum=306173\n\nOTHER REFERENCES:\nSA25786:\nhttp://secunia.com/advisories/25786/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-2399"
      },
      {
        "db": "CERT/CC",
        "id": "VU#289988"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845708"
      },
      {
        "db": "CERT/CC",
        "id": "VU#389868"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001941"
      },
      {
        "db": "BID",
        "id": "24597"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25761"
      },
      {
        "db": "PACKETSTORM",
        "id": "58223"
      }
    ],
    "trust": 4.23
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "26287",
        "trust": 4.2
      },
      {
        "db": "CERT/CC",
        "id": "VU#389868",
        "trust": 3.6
      },
      {
        "db": "SECUNIA",
        "id": "25786",
        "trust": 3.3
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2399",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "24597",
        "trust": 2.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2316",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2731",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2296",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "36130",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "36450",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1018281",
        "trust": 1.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#289988",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#845708",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001941",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-402",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-25761",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58223",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#289988"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845708"
      },
      {
        "db": "CERT/CC",
        "id": "VU#389868"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25761"
      },
      {
        "db": "BID",
        "id": "24597"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001941"
      },
      {
        "db": "PACKETSTORM",
        "id": "58223"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-402"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2399"
      }
    ]
  },
  "id": "VAR-200706-0347",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25761"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-10T22:26:01.846000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2007-06-22",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001941"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-DesignError",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001941"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2399"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "http://docs.info.apple.com/article.html?artnum=306173"
      },
      {
        "trust": 3.3,
        "url": "http://docs.info.apple.com/article.html?artnum=305759"
      },
      {
        "trust": 2.8,
        "url": "http://www.kb.cert.org/vuls/id/389868"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/26287/"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/25786/"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2007/jun/msg00003.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/24597"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/36130"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/36450"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1018281"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/25786"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/26287"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2007/2296"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2007/2316"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2007/2731"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35019"
      },
      {
        "trust": 1.6,
        "url": "http://developer.apple.com/opensource/internet/webkit.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.apple.com/safari/download/"
      },
      {
        "trust": 0.8,
        "url": "http://www.mozilla.org/projects/security/components/same-origin.html"
      },
      {
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=61798"
      },
      {
        "trust": 0.8,
        "url": "http://www.cert.org/tech_tips/securing_browser/#safari"
      },
      {
        "trust": 0.8,
        "url": "http://developer.apple.com/internet/webcontent/xmlhttpreq.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.westpoint.ltd.uk/advisories/wp-07-0002.txt"
      },
      {
        "trust": 0.8,
        "url": "http://webkit.opendarwin.org/"
      },
      {
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2007/jun/msg00004.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2399"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2399"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/safari/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15128/"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#289988"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845708"
      },
      {
        "db": "CERT/CC",
        "id": "VU#389868"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25761"
      },
      {
        "db": "BID",
        "id": "24597"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001941"
      },
      {
        "db": "PACKETSTORM",
        "id": "58223"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-402"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2399"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#289988"
      },
      {
        "db": "CERT/CC",
        "id": "VU#845708"
      },
      {
        "db": "CERT/CC",
        "id": "VU#389868"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25761"
      },
      {
        "db": "BID",
        "id": "24597"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001941"
      },
      {
        "db": "PACKETSTORM",
        "id": "58223"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-402"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-2399"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-06-25T00:00:00",
        "db": "CERT/CC",
        "id": "VU#289988"
      },
      {
        "date": "2007-06-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845708"
      },
      {
        "date": "2007-06-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#389868"
      },
      {
        "date": "2007-06-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25761"
      },
      {
        "date": "2007-06-22T00:00:00",
        "db": "BID",
        "id": "24597"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001941"
      },
      {
        "date": "2007-08-08T04:01:26",
        "db": "PACKETSTORM",
        "id": "58223"
      },
      {
        "date": "2007-06-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200706-402"
      },
      {
        "date": "2007-06-25T19:30:00",
        "db": "NVD",
        "id": "CVE-2007-2399"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-09-21T00:00:00",
        "db": "CERT/CC",
        "id": "VU#289988"
      },
      {
        "date": "2008-09-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#845708"
      },
      {
        "date": "2008-06-04T00:00:00",
        "db": "CERT/CC",
        "id": "VU#389868"
      },
      {
        "date": "2017-07-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25761"
      },
      {
        "date": "2007-08-02T00:05:00",
        "db": "BID",
        "id": "24597"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001941"
      },
      {
        "date": "2022-08-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200706-402"
      },
      {
        "date": "2025-04-09T00:30:58.490000",
        "db": "NVD",
        "id": "CVE-2007-2399"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-402"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Safari cross-domain HTTP redirection race condition",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#289988"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-402"
      }
    ],
    "trust": 0.6
  }
}

GHSA-V73V-2JGH-W8C6

Vulnerability from github – Published: 2022-05-01 18:03 – Updated: 2022-05-01 18:03

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-2399"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-06-25T19:30:00Z",
    "severity": "HIGH"
  },
  "details": "WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an \"invalid type conversion\", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.",
  "id": "GHSA-v73v-2jgh-w8c6",
  "modified": "2022-05-01T18:03:11Z",
  "published": "2022-05-01T18:03:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2399"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35019"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=305759"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=306173"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/36130"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/36450"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25786"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26287"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/389868"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/24597"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018281"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2296"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2316"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2731"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2007-2399

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-2399

Aliases

CVE-2007-2399

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-2399",
    "description": "WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an \"invalid type conversion\", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.",
    "id": "GSD-2007-2399"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-2399"
      ],
      "details": "WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an \"invalid type conversion\", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.",
      "id": "GSD-2007-2399",
      "modified": "2023-12-13T01:21:37.736138Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-2399",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an \"invalid type conversion\", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2007-2316",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2316"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=306173",
            "refsource": "CONFIRM",
            "url": "http://docs.info.apple.com/article.html?artnum=306173"
          },
          {
            "name": "APPLE-SA-2007-06-22",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html"
          },
          {
            "name": "25786",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25786"
          },
          {
            "name": "36130",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/36130"
          },
          {
            "name": "36450",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/36450"
          },
          {
            "name": "24597",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/24597"
          },
          {
            "name": "26287",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26287"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=305759",
            "refsource": "CONFIRM",
            "url": "http://docs.info.apple.com/article.html?artnum=305759"
          },
          {
            "name": "macos-framesets-code-execution(35019)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35019"
          },
          {
            "name": "ADV-2007-2731",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2731"
          },
          {
            "name": "VU#389868",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/389868"
          },
          {
            "name": "1018281",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018281"
          },
          {
            "name": "ADV-2007-2296",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2296"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.0",
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2399"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an \"invalid type conversion\", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://docs.info.apple.com/article.html?artnum=305759",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://docs.info.apple.com/article.html?artnum=305759"
            },
            {
              "name": "APPLE-SA-2007-06-22",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html"
            },
            {
              "name": "VU#389868",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/389868"
            },
            {
              "name": "24597",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/24597"
            },
            {
              "name": "1018281",
              "refsource": "SECTRACK",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securitytracker.com/id?1018281"
            },
            {
              "name": "25786",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/25786"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=306173",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://docs.info.apple.com/article.html?artnum=306173"
            },
            {
              "name": "26287",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26287"
            },
            {
              "name": "ADV-2007-2731",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2731"
            },
            {
              "name": "ADV-2007-2316",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2316"
            },
            {
              "name": "ADV-2007-2296",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2296"
            },
            {
              "name": "36450",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/36450"
            },
            {
              "name": "36130",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/36130"
            },
            {
              "name": "macos-framesets-code-execution(35019)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35019"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2022-08-09T13:46Z",
      "publishedDate": "2007-06-25T19:30Z"
    }
  }
}

FKIE_CVE-2007-2399

Vulnerability from fkie_nvd - Published: 2007-06-25 19:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=305759
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=306173
cve@mitre.org	http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html
cve@mitre.org	http://osvdb.org/36130
cve@mitre.org	http://osvdb.org/36450
cve@mitre.org	http://secunia.com/advisories/25786	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/26287	Vendor Advisory
cve@mitre.org	http://www.kb.cert.org/vuls/id/389868	US Government Resource
cve@mitre.org	http://www.securityfocus.com/bid/24597
cve@mitre.org	http://www.securitytracker.com/id?1018281	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2296	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2316	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2731	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/35019
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=305759
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=306173
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/36130
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/36450
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25786	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26287	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/389868	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24597
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018281	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2296	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2316	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2731	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/35019

Impacted products

Vendor	Product	Version
apple	iphone_os	*
apple	mac_os_x	10.3.9
apple	mac_os_x	10.4.9
apple	mac_os_x_server	10.3.9
apple	mac_os_x_server	10.4.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6095A36B-BE17-4F65-81E6-2CAFACDF9577",
              "versionEndIncluding": "1.0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6931D5-DE7E-41F6-ADDC-AB5A8A167F69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "786BB737-EA99-4EC6-B742-0C35BF2453F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8923EE1A-DD48-4EC8-8698-A33093FD709C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3029892E-1375-4F40-83D3-A51BDC4E9840",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an \"invalid type conversion\", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption."
    },
    {
      "lang": "es",
      "value": "WebKit en Apple Mac OS X versiones 10.3.9, 10.4.9 y posteriores, y iPhone versiones anteriores a 1.0.1, realiza una \"invalid type conversion\", que permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de conjuntos de tramas no especificados que desencadenan una corrupci\u00f3n de memoria."
    }
  ],
  "id": "CVE-2007-2399",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-06-25T19:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://docs.info.apple.com/article.html?artnum=305759"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://docs.info.apple.com/article.html?artnum=306173"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/36130"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/36450"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25786"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26287"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/389868"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/24597"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securitytracker.com/id?1018281"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2296"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2316"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2731"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=305759"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=306173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/36130"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/36450"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25786"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26287"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/389868"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24597"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securitytracker.com/id?1018281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2731"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35019"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2007-AVI-277

Vulnerability from certfr_avis - Published: 2007-06-26 - Updated: 2007-06-26

Deux vulnérabilités ont été identifiées dans le système d'exploitation MacOS X. Leur exploitation, par le biais d'une navigation sur une page malveillante, peut entraîner une injection de code indirecte (cross-site scripting), un dysfonctionnement de l'application voire l'exécution de code arbitraire sur le système vulnérable.

Description

Deux vulnérabilités ont été identifiées dans le système d'exploitation MacOS X.

WebCore, et en particulier XMLHttpRequest ne manipulerait pas correctement certaines requêtes HTTP. Cette vulnérabilité pourrait amener un utilisateur naviguant sur une page malveillante à conduire une attaque par injection de code indirecte (cross-site scripting) ;
WebKit ne convertirait pas correctement certains types au cours du rendu des cadres dans une page, pouvant provoquer une corruption de la mémoire. Cette vulnérabilité peut être exploitée par le biais d'une page Web spécialement construite : celle-ci provoquerait un dysfonctionnement de l'application voire l'exécution de code arbitraire sur le système vulnérable.

Solution

Se référer au bulletin de sécurité 2007-006 de l'éditeur Apple pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	MacOS X Server v10.3.9 ;
Apple	macOS	MacOS X Server v10.4.9 ou une version plus ancienne.
Apple	macOS	MacOS X v10.3.9 ;
Apple	macOS	MacOS X v10.4.9 ou une version plus ancienne ;

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-2399 (GCVE-0-2007-2399)

VAR-200706-0347

GHSA-V73V-2JGH-W8C6

GSD-2007-2399

FKIE_CVE-2007-2399

CERTA-2007-AVI-277

Description

Solution

Tags

Sightings

Nomenclature