Details of VAR-200801-0339

ID

VAR-200801-0339

CVE

CVE-2008-0298

TITLE

Apple Safari KHTML WebKit Remote Denial of Service Vulnerability

Trust: 0.9

sources: BID: 27261 // CNNVD: CNNVD-200801-255

DESCRIPTION

KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element. Apple Safari is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Apple Safari 2 running on Mac OS X is vulnerable. Safari is the WEB browser bundled with the Apple family operating system by default. A vulnerability exists when Safari handles malformed HTML documents. Remote attackers may exploit this vulnerability to cause the browser to crash. Safari does not properly validate KHTML Webkit. If the user is tricked into visiting a malicious HTML page, the browser will crash

Trust: 1.98

sources: NVD: CVE-2008-0298 // JVNDB: JVNDB-2008-002604 // BID: 27261 // VULHUB: VHN-30423

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	eq	version:	2.0.4	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.3	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.2	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.1	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.x	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	-	version:	-	Trust: 0.6
vendor:	apple	model:	mobile safari	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	safari	scope:	ne	version:	3	Trust: 0.3

sources: BID: 27261 // JVNDB: JVNDB-2008-002604 // CNNVD: CNNVD-200801-255 // NVD: CVE-2008-0298

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-0298
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2008-0298
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200801-255
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-30423
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2008-0298
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-30423
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-30423 // JVNDB: JVNDB-2008-002604 // CNNVD: CNNVD-200801-255 // NVD: CVE-2008-0298

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-30423 // JVNDB: JVNDB-2008-002604 // NVD: CVE-2008-0298

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200801-255

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200801-255

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-002604

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-30423

PATCH

title:

Top Page

url:

http://www.apple.com/safari/

Trust: 0.8

sources: JVNDB: JVNDB-2008-002604

EXTERNAL IDS

db:	NVD	id:	CVE-2008-0298	Trust: 2.8
db:	BID	id:	27261	Trust: 2.0
db:	SREASON	id:	3549	Trust: 1.7
db:	JVNDB	id:	JVNDB-2008-002604	Trust: 0.8
db:	XF	id:	39635	Trust: 0.6
db:	BUGTRAQ	id:	20080112 SAFARI 2 DENIAL OF SERVICE	Trust: 0.6
db:	CNNVD	id:	CNNVD-200801-255	Trust: 0.6
db:	SEEBUG	id:	SSVID-84374	Trust: 0.1
db:	EXPLOIT-DB	id:	31021	Trust: 0.1
db:	VULHUB	id:	VHN-30423	Trust: 0.1

sources: VULHUB: VHN-30423 // BID: 27261 // JVNDB: JVNDB-2008-002604 // CNNVD: CNNVD-200801-255 // NVD: CVE-2008-0298

REFERENCES

url:	http://www.s21sec.com/avisos/s21sec-039-en.txt	Trust: 2.0
url:	http://www.securityfocus.com/bid/27261	Trust: 1.7
url:	http://securityreason.com/securityalert/3549	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/486202/100/0/threaded	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/39635	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0298	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0298	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/39635	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/486202/100/0/threaded	Trust: 0.6
url:	http://www.apple.com/safari/	Trust: 0.3
url:	/archive/1/486202	Trust: 0.3

sources: VULHUB: VHN-30423 // BID: 27261 // JVNDB: JVNDB-2008-002604 // CNNVD: CNNVD-200801-255 // NVD: CVE-2008-0298

CREDITS

David Barroso※ dbarroso@s21sec.com

Trust: 0.6

sources: CNNVD: CNNVD-200801-255

SOURCES

db:	VULHUB	id:	VHN-30423
db:	BID	id:	27261
db:	JVNDB	id:	JVNDB-2008-002604
db:	CNNVD	id:	CNNVD-200801-255
db:	NVD	id:	CVE-2008-0298

LAST UPDATE DATE

2025-04-10T23:09:40.409000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-30423	date:	2018-10-15T00:00:00
db:	BID	id:	27261	date:	2015-05-07T17:33:00
db:	JVNDB	id:	JVNDB-2008-002604	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200801-255	date:	2008-09-05T00:00:00
db:	NVD	id:	CVE-2008-0298	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-30423	date:	2008-01-16T00:00:00
db:	BID	id:	27261	date:	2008-01-12T00:00:00
db:	JVNDB	id:	JVNDB-2008-002604	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200801-255	date:	2008-01-16T00:00:00
db:	NVD	id:	CVE-2008-0298	date:	2008-01-16T23:00:00