ID

VAR-200707-0562


CVE

CVE-2007-3514


TITLE

Apple Safari Vulnerabilities that can bypass the same origin policy

Trust: 0.8

sources: JVNDB: JVNDB-2007-002265

DESCRIPTION

Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, a different vector than CVE-2007-3482. Safari For Windows is prone to a security bypass vulnerability

Trust: 1.98

sources: NVD: CVE-2007-3514 // JVNDB: JVNDB-2007-002265 // BID: 85636 // VULHUB: VHN-26876

AFFECTED PRODUCTS

vendor:applemodel:safariscope:eqversion:3.0.2

Trust: 1.6

vendor:applemodel:safariscope:eqversion:windows edition 3.0.2

Trust: 0.8

sources: JVNDB: JVNDB-2007-002265 // CNNVD: CNNVD-200707-027 // NVD: CVE-2007-3514

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-3514
value: HIGH

Trust: 1.0

NVD: CVE-2007-3514
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200707-027
value: HIGH

Trust: 0.6

VULHUB: VHN-26876
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-3514
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:C/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-26876
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:C/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-26876 // JVNDB: JVNDB-2007-002265 // CNNVD: CNNVD-200707-027 // NVD: CVE-2007-3514

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-3514

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200707-027

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200707-027

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002265

PATCH

title:Top Pageurl:http://www.apple.com/safari/

Trust: 0.8

sources: JVNDB: JVNDB-2007-002265

EXTERNAL IDS

db:NVDid:CVE-2007-3514

Trust: 2.8

db:OSVDBid:38861

Trust: 1.1

db:JVNDBid:JVNDB-2007-002265

Trust: 0.8

db:CNNVDid:CNNVD-200707-027

Trust: 0.6

db:BIDid:85636

Trust: 0.4

db:VULHUBid:VHN-26876

Trust: 0.1

sources: VULHUB: VHN-26876 // BID: 85636 // JVNDB: JVNDB-2007-002265 // CNNVD: CNNVD-200707-027 // NVD: CVE-2007-3514

REFERENCES

url:http://www.0x000000.com/?i=371

Trust: 2.0

url:http://osvdb.org/38861

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3514

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3514

Trust: 0.8

sources: VULHUB: VHN-26876 // BID: 85636 // JVNDB: JVNDB-2007-002265 // CNNVD: CNNVD-200707-027 // NVD: CVE-2007-3514

CREDITS

Unknown

Trust: 0.3

sources: BID: 85636

SOURCES

db:VULHUBid:VHN-26876
db:BIDid:85636
db:JVNDBid:JVNDB-2007-002265
db:CNNVDid:CNNVD-200707-027
db:NVDid:CVE-2007-3514

LAST UPDATE DATE

2025-04-10T23:24:23.693000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-26876date:2012-10-30T00:00:00
db:BIDid:85636date:2007-07-03T00:00:00
db:JVNDBid:JVNDB-2007-002265date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200707-027date:2007-07-09T00:00:00
db:NVDid:CVE-2007-3514date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:VULHUBid:VHN-26876date:2007-07-03T00:00:00
db:BIDid:85636date:2007-07-03T00:00:00
db:JVNDBid:JVNDB-2007-002265date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200707-027date:2007-07-03T00:00:00
db:NVDid:CVE-2007-3514date:2007-07-03T10:30:00