ID

VAR-200804-0230


CVE

CVE-2008-1999


TITLE

Apple Safari Vulnerable to address bar spoofing

Trust: 0.8

sources: JVNDB: JVNDB-2008-003012

DESCRIPTION

Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences. Safari is prone to a remote security vulnerability.

----------------------------------------------------------------------

TITLE: Safari Address Bar URL Spoofing Security Issue

SECUNIA ADVISORY ID: SA29900

VERIFY ADVISORY: http://secunia.com/advisories/29900/

CRITICAL: Less critical

IMPACT: Spoofing

WHERE: From remote

SOFTWARE:
Safari 3.x
http://secunia.com/product/17989/
Safari for Windows 3.x
http://secunia.com/product/17978/

DESCRIPTION: Juan Pablo Lopez Yacubian has discovered a security issue in Safari, which can be exploited by malicious people to display a fake URL in the address bar. The security issue is confirmed in version 3.1.1 on Mac OS X and Vista. Other versions may also be affected.

SOLUTION: Do not browse untrusted websites or follow untrusted links.

PROVIDED AND/OR DISCOVERED BY: Juan Pablo Lopez Yacubian

ORIGINAL ADVISORY: http://es.geocities.com/jplopezy/pruebasafari3.html

Trust: 2.07

sources: NVD: CVE-2008-1999 // JVNDB: JVNDB-2008-003012 // BID: 85046 // VULHUB: VHN-32124 // PACKETSTORM: 65843

AFFECTED PRODUCTS

vendor: apple, model: safari, scope: eq, version: 3.1.1

Trust: 2.7

sources: BID: 85046 // JVNDB: JVNDB-2008-003012 // CNNVD: CNNVD-200804-417 // NVD: CVE-2008-1999

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-1999
value: MEDIUM

Trust: 1.0

NVD: CVE-2008-1999
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200804-417
value: MEDIUM

Trust: 0.6

VULHUB: VHN-32124
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-1999
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-32124
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-32124 // JVNDB: JVNDB-2008-003012 // CNNVD: CNNVD-200804-417 // NVD: CVE-2008-1999

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2008-003012 // NVD: CVE-2008-1999

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200804-417

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200804-417

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-003012

PATCH

title: Top Page, url: http://www.apple.com/safari/

Trust: 0.8

sources: JVNDB: JVNDB-2008-003012

EXTERNAL IDS

db: NVD, id: CVE-2008-1999

Trust: 2.8

db: SREASON, id: 3833

Trust: 2.0

db: SECUNIA, id: 29900

Trust: 1.8

db: VUPEN, id: ADV-2008-1347

Trust: 1.7

db: XF, id: 41981

Trust: 0.9

db: JVNDB, id: JVNDB-2008-003012

Trust: 0.8

db: CNNVD, id: CNNVD-200804-417

Trust: 0.7

db: BUGTRAQ, id: 20080422 SAFARI 3.1.1 MULTIPLE VULNERABILITIES FOR WINDOWS

Trust: 0.6

db: BID, id: 85046

Trust: 0.4

db: VULHUB, id: VHN-32124

Trust: 0.1

db: PACKETSTORM, id: 65843

Trust: 0.1

sources: VULHUB: VHN-32124 // BID: 85046 // JVNDB: JVNDB-2008-003012 // PACKETSTORM: 65843 // CNNVD: CNNVD-200804-417 // NVD: CVE-2008-1999

REFERENCES

url:http://es.geocities.com/jplopezy/pruebasafari3.html

Trust: 2.1

url:http://securityreason.com/securityalert/3833

Trust: 2.0

url:http://secunia.com/advisories/29900

Trust: 1.7

url:http://www.securityfocus.com/archive/1/491192/100/0/threaded

Trust: 1.1

url:http://www.vupen.com/english/advisories/2008/1347

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/41981

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/41981

Trust: 0.9

url:http://www.securityfocus.com/archive/1/archive/1/491192/100/0/threaded

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1999

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1999

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2008/1347

Trust: 0.6

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/network_software_inspector_2/

Trust: 0.1

url:http://secunia.com/advisories/29900/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/17978/

Trust: 0.1

url:http://secunia.com/product/17989/

Trust: 0.1

sources: VULHUB: VHN-32124 // BID: 85046 // JVNDB: JVNDB-2008-003012 // PACKETSTORM: 65843 // CNNVD: CNNVD-200804-417 // NVD: CVE-2008-1999

CREDITS

Unknown

Trust: 0.3

sources: BID: 85046

SOURCES

db: VULHUB, id: VHN-32124
db: BID, id: 85046
db: JVNDB, id: JVNDB-2008-003012
db: PACKETSTORM, id: 65843
db: CNNVD, id: CNNVD-200804-417
db: NVD, id: CVE-2008-1999

LAST UPDATE DATE

2025-04-10T23:03:26.210000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-32124, date: 2018-10-11T00:00:00
db: BID, id: 85046, date: 2008-04-28T00:00:00
db: JVNDB, id: JVNDB-2008-003012, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200804-417, date: 2009-01-29T00:00:00
db: NVD, id: CVE-2008-1999, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-32124, date: 2008-04-28T00:00:00
db: BID, id: 85046, date: 2008-04-28T00:00:00
db: JVNDB, id: JVNDB-2008-003012, date: 2012-06-26T00:00:00
db: PACKETSTORM, id: 65843, date: 2008-04-28T14:37:56
db: CNNVD, id: CNNVD-200804-417, date: 2008-04-28T00:00:00
db: NVD, id: CVE-2008-1999, date: 2008-04-28T20:05:00