ID

VAR-200705-0087


CVE

CVE-2007-2843


TITLE

Apple Safari vulnerable to access to restricted information from other domains

Trust: 0.8

sources: JVNDB: JVNDB-2007-002072

DESCRIPTION

Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via JavaScript, as demonstrated by a JS script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events. Apple Safari is prone to an information-disclosure vulnerability because it fails to properly enforce cross-domain JavaScript restrictions. Exploiting this issue may allow attackers to access locations that a user visits, even if they are in a different domain than the attacker's site. The most common manifestation of this condition would typically be in blogs or forums. Attackers may be able to access potentially sensitive information that would aid in phishing attacks. This issue affects Safari 2.0.4; other versions may also be affected.

Trust: 1.98

sources: NVD: CVE-2007-2843 // JVNDB: JVNDB-2007-002072 // BID: 24121 // VULHUB: VHN-26205

AFFECTED PRODUCTS

vendor: apple, model: safari, scope: eq, version: 2.0.4

Trust: 2.7

sources: BID: 24121 // JVNDB: JVNDB-2007-002072 // CNNVD: CNNVD-200705-481 // NVD: CVE-2007-2843

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-2843
value: HIGH

Trust: 1.0

NVD: CVE-2007-2843
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200705-481
value: CRITICAL

Trust: 0.6

VULHUB: VHN-26205
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-2843
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-26205
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-26205 // JVNDB: JVNDB-2007-002072 // CNNVD: CNNVD-200705-481 // NVD: CVE-2007-2843

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-2843

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200705-481

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200705-481

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002072

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-26205

PATCH

title: Top Page, url: http://www.apple.com/safari/

Trust: 0.8

sources: JVNDB: JVNDB-2007-002072

EXTERNAL IDS

db: NVD, id: CVE-2007-2843

Trust: 2.8

db: BID, id: 24121

Trust: 2.0

db: OSVDB, id: 38859

Trust: 1.7

db: JVNDB, id: JVNDB-2007-002072

Trust: 0.8

db: CNNVD, id: CNNVD-200705-481

Trust: 0.6

db: SEEBUG, id: SSVID-83537

Trust: 0.1

db: EXPLOIT-DB, id: 30078

Trust: 0.1

db: VULHUB, id: VHN-26205

Trust: 0.1

sources: VULHUB: VHN-26205 // BID: 24121 // JVNDB: JVNDB-2007-002072 // CNNVD: CNNVD-200705-481 // NVD: CVE-2007-2843

REFERENCES

url: http://www.thespanner.co.uk/2007/05/18/safari-needs-fixing/

Trust: 2.0

url: http://www.securityfocus.com/bid/24121

Trust: 1.7

url: http://www.businessinfo.co.uk/labs/googlesnoop/snoop.html

Trust: 1.7

url: http://osvdb.org/38859

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2843

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2843

Trust: 0.8

url: http://www.apple.com/safari/

Trust: 0.3

sources: VULHUB: VHN-26205 // BID: 24121 // JVNDB: JVNDB-2007-002072 // CNNVD: CNNVD-200705-481 // NVD: CVE-2007-2843

CREDITS

Gareth Heyes disclosed this vulnerability.

Trust: 0.9

sources: BID: 24121 // CNNVD: CNNVD-200705-481

SOURCES

db: VULHUB, id: VHN-26205
db: BID, id: 24121
db: JVNDB, id: JVNDB-2007-002072
db: CNNVD, id: CNNVD-200705-481
db: NVD, id: CVE-2007-2843

LAST UPDATE DATE

2025-04-10T22:57:39.105000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-26205, date: 2008-11-15T00:00:00
db: BID, id: 24121, date: 2015-05-07T17:37:00
db: JVNDB, id: JVNDB-2007-002072, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200705-481, date: 2007-05-29T00:00:00
db: NVD, id: CVE-2007-2843, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-26205, date: 2007-05-24T00:00:00
db: BID, id: 24121, date: 2007-05-23T00:00:00
db: JVNDB, id: JVNDB-2007-002072, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200705-481, date: 2007-05-24T00:00:00
db: NVD, id: CVE-2007-2843, date: 2007-05-24T18:30:00