Details of VAR-200705-0278

ID

VAR-200705-0278

CVE

CVE-2007-2580

TITLE

Apple Safari Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2007-001992

DESCRIPTION

Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved keychain passwords) via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script. Apple Safari is prone to an unspecified local vulnerability. Few technical details are currently available. We will update this BID as more information emerges

Trust: 1.98

sources: NVD: CVE-2007-2580 // JVNDB: JVNDB-2007-001992 // BID: 23825 // VULHUB: VHN-25942

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	-	version:	-	Trust: 1.4
vendor:	apple	model:	safari	scope:	eq	version:	*	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.0	Trust: 0.3
vendor:	apple	model:	safari beta	scope:	eq	version:	2	Trust: 0.3
vendor:	apple	model:	mobile safari	scope:	eq	version:	0	Trust: 0.3

sources: BID: 23825 // JVNDB: JVNDB-2007-001992 // CNNVD: CNNVD-200705-193 // NVD: CVE-2007-2580

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-2580
value:	LOW
Trust: 1.0
NVD:	CVE-2007-2580
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-200705-193
value:	LOW
Trust: 0.6
VULHUB:	VHN-25942
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2007-2580
severity:	LOW
baseScore:	1.9
vectorString:	AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.4
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-25942
severity:	LOW
baseScore:	1.9
vectorString:	AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.4
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-25942 // JVNDB: JVNDB-2007-001992 // CNNVD: CNNVD-200705-193 // NVD: CVE-2007-2580

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-2580

THREAT TYPE

local

Trust: 0.9

sources: BID: 23825 // CNNVD: CNNVD-200705-193

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200705-193

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001992

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-25942

PATCH

title:

Top Page

url:

http://www.apple.com/safari/

Trust: 0.8

sources: JVNDB: JVNDB-2007-001992

EXTERNAL IDS

db:	NVD	id:	CVE-2007-2580	Trust: 2.8
db:	BID	id:	23825	Trust: 2.0
db:	SREASON	id:	2685	Trust: 1.7
db:	OSVDB	id:	35569	Trust: 1.7
db:	BUGTRAQ	id:	20070516 RE: APPLE SAFARI ON MACOSX MAY REVEAL USER'S SAVED PASSWORDS	Trust: 1.2
db:	BUGTRAQ	id:	20070515 RE: APPLE SAFARI ON MACOSX MAY REVEAL USER'S SAVED PASSWORDS	Trust: 1.2
db:	JVNDB	id:	JVNDB-2007-001992	Trust: 0.8
db:	CNNVD	id:	CNNVD-200705-193	Trust: 0.7
db:	BUGTRAQ	id:	20070504 SAFARI'S SAVED PASSWORD AT RISK	Trust: 0.6
db:	BUGTRAQ	id:	20070517 RE: APPLE SAFARI ON MACOSX MAY REVEAL USER'S SAVED PASSWORDS	Trust: 0.6
db:	BUGTRAQ	id:	20070514 RE: RE: APPLE SAFARI ON MACOSX MAY REVEAL USER'S SAVED PASSWORDS	Trust: 0.6
db:	BUGTRAQ	id:	20070514 RE: APPLE SAFARI ON MACOSX MAY REVEAL USER'S SAVED PASSWORDS	Trust: 0.6
db:	BUGTRAQ	id:	20070514 APPLE SAFARI ON MACOSX MAY REVEAL USER'S SAVED PASSWORDS	Trust: 0.6
db:	EXPLOIT-DB	id:	29950	Trust: 0.1
db:	SEEBUG	id:	SSVID-83419	Trust: 0.1
db:	VULHUB	id:	VHN-25942	Trust: 0.1

sources: VULHUB: VHN-25942 // BID: 23825 // JVNDB: JVNDB-2007-001992 // CNNVD: CNNVD-200705-193 // NVD: CVE-2007-2580

REFERENCES

url:	http://www.securityfocus.com/bid/23825	Trust: 1.7
url:	http://www.osvdb.org/35569	Trust: 1.7
url:	http://securityreason.com/securityalert/2685	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/467676/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/468544/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/468585/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/468639/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/468650/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/468719/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/468737/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/468727/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/468869/100/0/threaded	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2580	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2580	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/archive/1/468869/100/0/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/468737/100/0/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/468727/100/0/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/468719/100/0/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/468650/100/0/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/468639/100/0/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/468585/100/0/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/468544/100/0/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/467676/100/0/threaded	Trust: 0.6
url:	http://www.apple.com/safari/	Trust: 0.3
url:	/archive/1/468544	Trust: 0.3
url:	/archive/1/468639	Trust: 0.3
url:	/archive/1/467676	Trust: 0.3

sources: VULHUB: VHN-25942 // BID: 23825 // JVNDB: JVNDB-2007-001992 // CNNVD: CNNVD-200705-193 // NVD: CVE-2007-2580

CREDITS

poplix disclosed this issue.

Trust: 0.9

sources: BID: 23825 // CNNVD: CNNVD-200705-193

SOURCES

db:	VULHUB	id:	VHN-25942
db:	BID	id:	23825
db:	JVNDB	id:	JVNDB-2007-001992
db:	CNNVD	id:	CNNVD-200705-193
db:	NVD	id:	CVE-2007-2580

LAST UPDATE DATE

2025-04-10T23:03:42.625000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-25942	date:	2018-10-16T00:00:00
db:	BID	id:	23825	date:	2015-05-07T17:39:00
db:	JVNDB	id:	JVNDB-2007-001992	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200705-193	date:	2007-08-01T00:00:00
db:	NVD	id:	CVE-2007-2580	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-25942	date:	2007-05-09T00:00:00
db:	BID	id:	23825	date:	2007-05-04T00:00:00
db:	JVNDB	id:	JVNDB-2007-001992	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200705-193	date:	2007-05-09T00:00:00
db:	NVD	id:	CVE-2007-2580	date:	2007-05-09T21:19:00