Details of VAR-201006-0450

ID

VAR-201006-0450

CVE

CVE-2010-2454

TITLE

Apple Safari Vulnerable to spoofing attacks

Trust: 0.8

sources: JVNDB: JVNDB-2010-004165

DESCRIPTION

Apple Safari does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206. The problem is CVE-2010-1206 The problem is related to.Crafted by attackers HTML A spoofing attack may be performed via the document. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems

Trust: 1.71

sources: NVD: CVE-2010-2454 // JVNDB: JVNDB-2010-004165 // VULHUB: VHN-45059

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	-	version:	-	Trust: 1.4
vendor:	apple	model:	safari	scope:	eq	version:	*	Trust: 1.0

sources: JVNDB: JVNDB-2010-004165 // CNNVD: CNNVD-201006-416 // NVD: CVE-2010-2454

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-2454
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2010-2454
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201006-416
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-45059
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2010-2454
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-45059
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-45059 // JVNDB: JVNDB-2010-004165 // CNNVD: CNNVD-201006-416 // NVD: CVE-2010-2454

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-45059 // JVNDB: JVNDB-2010-004165 // NVD: CVE-2010-2454

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201006-416

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201006-416

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-004165

PATCH

title:

Top Page

url:

http://www.apple.com/safari/

Trust: 0.8

sources: JVNDB: JVNDB-2010-004165

EXTERNAL IDS

db:	NVD	id:	CVE-2010-2454	Trust: 2.5
db:	JVNDB	id:	JVNDB-2010-004165	Trust: 0.8
db:	CNNVD	id:	CNNVD-201006-416	Trust: 0.7
db:	VULHUB	id:	VHN-45059	Trust: 0.1

sources: VULHUB: VHN-45059 // JVNDB: JVNDB-2010-004165 // CNNVD: CNNVD-201006-416 // NVD: CVE-2010-2454

REFERENCES

url:	http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html	Trust: 1.7
url:	https://bugzilla.mozilla.org/show_bug.cgi?id=556957	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/59830	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2454	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2454	Trust: 0.8

sources: VULHUB: VHN-45059 // JVNDB: JVNDB-2010-004165 // CNNVD: CNNVD-201006-416 // NVD: CVE-2010-2454

SOURCES

db:	VULHUB	id:	VHN-45059
db:	JVNDB	id:	JVNDB-2010-004165
db:	CNNVD	id:	CNNVD-201006-416
db:	NVD	id:	CVE-2010-2454

LAST UPDATE DATE

2025-04-11T23:04:25.461000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-45059	date:	2017-08-17T00:00:00
db:	JVNDB	id:	JVNDB-2010-004165	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-201006-416	date:	2010-06-29T00:00:00
db:	NVD	id:	CVE-2010-2454	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-45059	date:	2010-06-25T00:00:00
db:	JVNDB	id:	JVNDB-2010-004165	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-201006-416	date:	2010-06-29T00:00:00
db:	NVD	id:	CVE-2010-2454	date:	2010-06-25T19:30:01.670