ID

VAR-200708-0466


CVE

CVE-2007-2408


TITLE

Java applet execution vulnerability in WebKit in Apple Safari

Trust: 0.8

sources: JVNDB: JVNDB-2007-001948

DESCRIPTION

WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked "Enable Java" setting, which allows remote attackers to execute Java applets via a crafted web page. Apple Safari is prone to a weakness that may result in the execution of potentially malicious Java applets. This issue results from a design error. This weakness arises because the application fails to properly check a security setting. Versions prior to Safari 3.0.3 Beta and Safari 3.0.3 Beta for Windows are vulnerable to this issue. Safari is the web browser bundled by default with Apple's operating systems. Safari provides an option to enable Java preferences

Trust: 1.98

sources: NVD: CVE-2007-2408 // JVNDB: JVNDB-2007-001948 // BID: 25157 // VULHUB: VHN-25770

AFFECTED PRODUCTS

vendor: apple, model: safari, scope: eq, version: 3.0.2

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: 3.0.1

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: 3.0.3

Trust: 0.8

vendor: apple, model: safari, scope: lt, version: 3 beta

Trust: 0.8

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.2

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 3.0.2

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.1

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 3.0.1

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: ne, version: 3.0.3

Trust: 0.3

vendor: apple, model: safari beta, scope: ne, version: 3.0.3

Trust: 0.3

sources: BID: 25157 // JVNDB: JVNDB-2007-001948 // CNNVD: CNNVD-200708-035 // NVD: CVE-2007-2408

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-2408
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-2408
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200708-035
value: MEDIUM

Trust: 0.6

VULHUB: VHN-25770
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-2408
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-25770
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-25770 // JVNDB: JVNDB-2007-001948 // CNNVD: CNNVD-200708-035 // NVD: CVE-2007-2408

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-25770 // JVNDB: JVNDB-2007-001948 // NVD: CVE-2007-2408

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200708-035

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200708-035

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001948

PATCH

title: Safari 3 Beta Update 3.0.3, url: http://support.apple.com/kb/TA24875?viewlocale=en_US

Trust: 0.8

sources: JVNDB: JVNDB-2007-001948

EXTERNAL IDS

db: NVD, id: CVE-2007-2408

Trust: 2.8

db: BID, id: 25157

Trust: 2.0

db: VUPEN, id: ADV-2007-2730

Trust: 1.7

db: JVNDB, id: JVNDB-2007-001948

Trust: 0.8

db: XF, id: 35714

Trust: 0.6

db: CNNVD, id: CNNVD-200708-035

Trust: 0.6

db: VULHUB, id: VHN-25770

Trust: 0.1

sources: VULHUB: VHN-25770 // BID: 25157 // JVNDB: JVNDB-2007-001948 // CNNVD: CNNVD-200708-035 // NVD: CVE-2007-2408

REFERENCES

url:http://www.securityfocus.com/bid/25157

Trust: 1.7

url:http://docs.info.apple.com/article.html?artnum=306174

Trust: 1.7

url:http://isc.sans.org/diary.html?storyid=3214

Trust: 1.7

url:http://www.vupen.com/english/advisories/2007/2730

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/35714

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2408

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2408

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2007/2730

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/35714

Trust: 0.6

url:http://www.apple.com/safari/

Trust: 0.3

sources: VULHUB: VHN-25770 // BID: 25157 // JVNDB: JVNDB-2007-001948 // CNNVD: CNNVD-200708-035 // NVD: CVE-2007-2408

CREDITS

Rhys Kidd, rhyskidd@gmail.com

Trust: 0.6

sources: CNNVD: CNNVD-200708-035

SOURCES

db: VULHUB, id: VHN-25770
db: BID, id: 25157
db: JVNDB, id: JVNDB-2007-001948
db: CNNVD, id: CNNVD-200708-035
db: NVD, id: CVE-2007-2408

LAST UPDATE DATE

2025-04-10T22:36:22.367000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-25770, date: 2017-07-29T00:00:00
db: BID, id: 25157, date: 2007-08-01T21:25:00
db: JVNDB, id: JVNDB-2007-001948, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200708-035, date: 2007-08-06T00:00:00
db: NVD, id: CVE-2007-2408, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-25770, date: 2007-08-03T00:00:00
db: BID, id: 25157, date: 2007-07-31T00:00:00
db: JVNDB, id: JVNDB-2007-001948, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200708-035, date: 2007-07-31T00:00:00
db: NVD, id: CVE-2007-2408, date: 2007-08-03T20:17:00