Sign-up

ID

VAR-201005-0179


CVE

CVE-2010-1940


TITLE

Apple Safari Vulnerability in obtaining important information in

Trust: 0.8

sources: JVNDB: JVNDB-2010-004075

DESCRIPTION

Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header appropriate for one web site to a different web site named in a Location header received from the first site, which allows remote web servers to obtain sensitive information by logging HTTP requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Apple Safari "parent.close()" Code Execution Vulnerability SECUNIA ADVISORY ID: SA39670 VERIFY ADVISORY: http://secunia.com/advisories/39670/ DESCRIPTION: A vulnerability has been discovered in Apple Safari, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the handling of parent windows and can result in a function call using an invalid pointer. This can be exploited to execute arbitrary code when a user e.g. visits a specially crafted web page and closes opened pop-up windows. The vulnerability is confirmed in Safari version 4.0.5 for Windows. Other versions may also be affected. SOLUTION: Do not visit untrusted web sites or follow links from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Krystian Kloskowski (h07) ORIGINAL ADVISORY: http://h07.w.interia.pl/Safari.rar ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.8

sources: NVD: CVE-2010-1940 // JVNDB: JVNDB-2010-004075 // VULHUB: VHN-44545 // PACKETSTORM: 89292

AFFECTED PRODUCTS

vendor:applemodel:safariscope:eqversion:4.0.5

Trust: 2.4

vendor:microsoftmodel:windowsscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2010-004075 // CNNVD: CNNVD-201005-235 // NVD: CVE-2010-1940

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-1940
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-1940
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201005-235
value: MEDIUM

Trust: 0.6

VULHUB: VHN-44545
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-1940
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-44545
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-44545 // JVNDB: JVNDB-2010-004075 // CNNVD: CNNVD-201005-235 // NVD: CVE-2010-1940

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-44545 // JVNDB: JVNDB-2010-004075 // NVD: CVE-2010-1940

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201005-235

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201005-235

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-004075

PATCH
title:Safariurl:http://www.apple.com/safari/
Trust: 0.8
title:Top Pageurl:http://windows.microsoft.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-004075

EXTERNAL IDS
db:NVDid:CVE-2010-1940
Trust: 2.5
db:SECUNIAid:39670
Trust: 1.8
db:JVNDBid:JVNDB-2010-004075
Trust: 0.8
db:CNNVDid:CNNVD-201005-235
Trust: 0.7
db:VULHUBid:VHN-44545
Trust: 0.1
db:PACKETSTORMid:89292
Trust: 0.1
sources:
            
            
            VULHUB: VHN-44545 // 
            
            
            
            JVNDB: JVNDB-2010-004075 // 
            
            
            
            PACKETSTORM: 89292 // 
            
            
            
            CNNVD: CNNVD-201005-235 // 
            
            
            
            NVD: CVE-2010-1940

REFERENCES
url:http://secunia.com/advisories/39670
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/58620
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1940
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1940
Trust: 0.8
url:http://secunia.com/company/jobs/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/39670/
Trust: 0.1
url:http://h07.w.interia.pl/safari.rar
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-44545 // 
            
            
            
            JVNDB: JVNDB-2010-004075 // 
            
            
            
            PACKETSTORM: 89292 // 
            
            
            
            CNNVD: CNNVD-201005-235 // 
            
            
            
            NVD: CVE-2010-1940

CREDITS
Secunia
Trust: 0.1
sources:
            
            
            PACKETSTORM: 89292

SOURCES
db:VULHUBid:VHN-44545
db:JVNDBid:JVNDB-2010-004075
db:PACKETSTORMid:89292
db:CNNVDid:CNNVD-201005-235
db:NVDid:CVE-2010-1940

LAST UPDATE DATE
2025-04-11T20:32:46.316000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-44545date:2017-08-17T00:00:00
db:JVNDBid:JVNDB-2010-004075date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-201005-235date:2010-05-14T00:00:00
db:NVDid:CVE-2010-1940date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-44545date:2010-05-14T00:00:00
db:JVNDBid:JVNDB-2010-004075date:2012-06-26T00:00:00
db:PACKETSTORMid:89292date:2010-05-08T08:39:48
db:CNNVDid:CNNVD-201005-235date:2010-05-14T00:00:00
db:NVDid:CVE-2010-1940date:2010-05-14T20:30:01.530