Sign-up

ID

VAR-200707-0562


CVE

CVE-2007-3514


TITLE

Apple Safari Vulnerabilities that can bypass the same origin policy

Trust: 0.8

sources: JVNDB: JVNDB-2007-002265

DESCRIPTION

Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, a different vector than CVE-2007-3482. Safari For Windows is prone to a security bypass vulnerability

Trust: 1.98

sources: NVD: CVE-2007-3514 // JVNDB: JVNDB-2007-002265 // BID: 85636 // VULHUB: VHN-26876

AFFECTED PRODUCTS

vendor:applemodel:safariscope:eqversion:3.0.2

Trust: 1.6

vendor:applemodel:safariscope:eqversion:windows edition 3.0.2

Trust: 0.8

sources: JVNDB: JVNDB-2007-002265 // CNNVD: CNNVD-200707-027 // NVD: CVE-2007-3514

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-3514
value: HIGH

Trust: 1.0

NVD: CVE-2007-3514
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200707-027
value: HIGH

Trust: 0.6

VULHUB: VHN-26876
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-3514
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:C/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-26876
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:C/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-26876 // JVNDB: JVNDB-2007-002265 // CNNVD: CNNVD-200707-027 // NVD: CVE-2007-3514

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-3514

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200707-027

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200707-027

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-002265

PATCH
title:Top Pageurl:http://www.apple.com/safari/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-002265

EXTERNAL IDS
db:NVDid:CVE-2007-3514
Trust: 2.8
db:OSVDBid:38861
Trust: 1.1
db:JVNDBid:JVNDB-2007-002265
Trust: 0.8
db:CNNVDid:CNNVD-200707-027
Trust: 0.6
db:BIDid:85636
Trust: 0.4
db:VULHUBid:VHN-26876
Trust: 0.1
sources:
            
            
            VULHUB: VHN-26876 // 
            
            
            
            BID: 85636 // 
            
            
            
            JVNDB: JVNDB-2007-002265 // 
            
            
            
            CNNVD: CNNVD-200707-027 // 
            
            
            
            NVD: CVE-2007-3514

REFERENCES
url:http://www.0x000000.com/?i=371
Trust: 2.0
url:http://osvdb.org/38861
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3514
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3514
Trust: 0.8
sources:
            
            
            VULHUB: VHN-26876 // 
            
            
            
            BID: 85636 // 
            
            
            
            JVNDB: JVNDB-2007-002265 // 
            
            
            
            CNNVD: CNNVD-200707-027 // 
            
            
            
            NVD: CVE-2007-3514

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 85636

SOURCES
db:VULHUBid:VHN-26876
db:BIDid:85636
db:JVNDBid:JVNDB-2007-002265
db:CNNVDid:CNNVD-200707-027
db:NVDid:CVE-2007-3514

LAST UPDATE DATE
2025-04-10T23:24:23.693000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-26876date:2012-10-30T00:00:00
db:BIDid:85636date:2007-07-03T00:00:00
db:JVNDBid:JVNDB-2007-002265date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200707-027date:2007-07-09T00:00:00
db:NVDid:CVE-2007-3514date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-26876date:2007-07-03T00:00:00
db:BIDid:85636date:2007-07-03T00:00:00
db:JVNDBid:JVNDB-2007-002265date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200707-027date:2007-07-03T00:00:00
db:NVDid:CVE-2007-3514date:2007-07-03T10:30:00