ID

VAR-200807-0313


CVE

CVE-2008-3171


TITLE

Apple Safari HTTPS to HTTPS Referer Information Disclosure Vulnerability

Trust: 0.9

sources: BID: 30193 // CNNVD: CNNVD-200807-231

DESCRIPTION

Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. Information gathered by an attacker who exploits this vulnerability can aid in further attacks. Safari 3.1.2 is vulnerable; other versions may also be affected. Apple Safari is the world's fastest, most innovative web browser for Mac and PC.

Trust: 1.98

sources: NVD: CVE-2008-3171 // JVNDB: JVNDB-2008-003250 // BID: 30193 // VULHUB: VHN-33296

AFFECTED PRODUCTS

vendor: apple, model: safari, scope: -, version: -

Trust: 1.4

vendor: apple, model: safari, scope: eq, version: *

Trust: 1.0

vendor: apple, model: safari for windows, scope: eq, version: 3.1.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.1.2

Trust: 0.3

sources: BID: 30193 // JVNDB: JVNDB-2008-003250 // CNNVD: CNNVD-200807-231 // NVD: CVE-2008-3171

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-3171
value: MEDIUM

Trust: 1.0

NVD: CVE-2008-3171
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200807-231
value: MEDIUM

Trust: 0.6

VULHUB: VHN-33296
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-3171
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-33296
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-33296 // JVNDB: JVNDB-2008-003250 // CNNVD: CNNVD-200807-231 // NVD: CVE-2008-3171

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-33296 // JVNDB: JVNDB-2008-003250 // NVD: CVE-2008-3171

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200807-231

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-200807-231

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-003250

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-33296

PATCH

title: Top Page, url: http://www.apple.com/safari/

Trust: 0.8

sources: JVNDB: JVNDB-2008-003250

EXTERNAL IDS

db: NVD, id: CVE-2008-3171

Trust: 2.8

db: BID, id: 30193

Trust: 2.0

db: JVNDB, id: JVNDB-2008-003250

Trust: 0.8

db: CNNVD, id: CNNVD-200807-231

Trust: 0.7

db: XF, id: 43837

Trust: 0.6

db: VULHUB, id: VHN-33296

Trust: 0.1

sources: VULHUB: VHN-33296 // BID: 30193 // JVNDB: JVNDB-2008-003250 // CNNVD: CNNVD-200807-231 // NVD: CVE-2008-3171

REFERENCES

url:http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html

Trust: 2.0

url:http://www.securityfocus.com/bid/30193

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/43837

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3171

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3171

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/43837

Trust: 0.6

url:http://www.apple.com/safari/

Trust: 0.3

sources: VULHUB: VHN-33296 // BID: 30193 // JVNDB: JVNDB-2008-003250 // CNNVD: CNNVD-200807-231 // NVD: CVE-2008-3171

CREDITS

Alex aka kuza55

Trust: 0.9

sources: BID: 30193 // CNNVD: CNNVD-200807-231

SOURCES

db: VULHUB, id: VHN-33296
db: BID, id: 30193
db: JVNDB, id: JVNDB-2008-003250
db: CNNVD, id: CNNVD-200807-231
db: NVD, id: CVE-2008-3171

LAST UPDATE DATE

2025-04-10T23:00:46.251000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-33296, date: 2017-08-08T00:00:00
db: BID, id: 30193, date: 2015-05-07T17:27:00
db: JVNDB, id: JVNDB-2008-003250, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200807-231, date: 2008-09-10T00:00:00
db: NVD, id: CVE-2008-3171, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-33296, date: 2008-07-14T00:00:00
db: BID, id: 30193, date: 2008-07-12T00:00:00
db: JVNDB, id: JVNDB-2008-003250, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200807-231, date: 2008-07-14T00:00:00
db: NVD, id: CVE-2008-3171, date: 2008-07-14T23:41:00