Details of VAR-201111-0143

ID

VAR-201111-0143

CVE

CVE-2011-3998

TITLE

WebObjects vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2011-000097

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Apple WebObjects 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. WebObjects provided by Apple, contains a cross-site scripting vulnerability. WebObjects provided by Apple is a web application server. WebObjects contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user's web browser. Successful exploits will allow attacker-supplied script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. Apple WebObjects 5.2 and prior are vulnerable

Trust: 1.98

sources: NVD: CVE-2011-3998 // JVNDB: JVNDB-2011-000097 // BID: 50679 // VULHUB: VHN-51943

AFFECTED PRODUCTS

vendor:	apple	model:	webobjects	scope:	eq	version:	5.1	Trust: 1.9
vendor:	apple	model:	webobjects	scope:	eq	version:	5.0	Trust: 1.9
vendor:	apple	model:	webobjects	scope:	eq	version:	4.5	Trust: 1.6
vendor:	apple	model:	webobjects	scope:	eq	version:	3.1	Trust: 1.6
vendor:	apple	model:	webobjects	scope:	eq	version:	4.0	Trust: 1.6
vendor:	apple	model:	webobjects	scope:	eq	version:	3.5	Trust: 1.6
vendor:	apple	model:	webobjects	scope:	lte	version:	5.2	Trust: 1.0
vendor:	apple	model:	webobjects	scope:	eq	version:	5.2	Trust: 0.9
vendor:	apple	model:	webobjects	scope:	lte	version:	version 5.2	Trust: 0.8
vendor:	apple	model:	webobjects	scope:	eq	version:	5.1.4	Trust: 0.3
vendor:	apple	model:	webobjects	scope:	eq	version:	5.1.3	Trust: 0.3
vendor:	apple	model:	webobjects	scope:	eq	version:	5.1.2	Trust: 0.3

sources: BID: 50679 // JVNDB: JVNDB-2011-000097 // CNNVD: CNNVD-201111-202 // NVD: CVE-2011-3998

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-3998
value:	MEDIUM
Trust: 1.0
IPA:	JVNDB-2011-000097
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201111-202
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-51943
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2011-3998
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2011-000097
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-51943
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-51943 // JVNDB: JVNDB-2011-000097 // CNNVD: CNNVD-201111-202 // NVD: CVE-2011-3998

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-51943 // JVNDB: JVNDB-2011-000097 // NVD: CVE-2011-3998

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201111-202

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201111-202

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-000097

PATCH

title:	Developer Tools - Tools you'll love to use.	url:	http://developer.apple.com/technologies/tools/	Trust: 0.8
title:	Mac OS X Developer Library - Legacy	url:	http://developer.apple.com/legacy/mac/library/navigation/index.html?filter=webobjects	Trust: 0.8

sources: JVNDB: JVNDB-2011-000097

EXTERNAL IDS

db:	JVN	id:	JVN37223351	Trust: 2.8
db:	NVD	id:	CVE-2011-3998	Trust: 2.8
db:	JVNDB	id:	JVNDB-2011-000097	Trust: 2.5
db:	CNNVD	id:	CNNVD-201111-202	Trust: 0.7
db:	JVN	id:	JVN#37223351	Trust: 0.6
db:	BID	id:	50679	Trust: 0.4
db:	VULHUB	id:	VHN-51943	Trust: 0.1

sources: VULHUB: VHN-51943 // BID: 50679 // JVNDB: JVNDB-2011-000097 // CNNVD: CNNVD-201111-202 // NVD: CVE-2011-3998

REFERENCES

url:	http://jvn.jp/en/jp/jvn37223351/index.html	Trust: 2.8
url:	http://jvndb.jvn.jp/jvndb/jvndb-2011-000097	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3998	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3998	Trust: 0.8
url:	http://software.cisco.com/download/navigator.html?mdfid=283613663	Trust: 0.3

sources: VULHUB: VHN-51943 // BID: 50679 // JVNDB: JVNDB-2011-000097 // CNNVD: CNNVD-201111-202 // NVD: CVE-2011-3998

CREDITS

Daiki Fukumori of Cyber Defense Institute

Trust: 0.3

sources: BID: 50679

SOURCES

db:	VULHUB	id:	VHN-51943
db:	BID	id:	50679
db:	JVNDB	id:	JVNDB-2011-000097
db:	CNNVD	id:	CNNVD-201111-202
db:	NVD	id:	CVE-2011-3998

LAST UPDATE DATE

2025-04-11T23:10:00.467000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-51943	date:	2011-11-16T00:00:00
db:	BID	id:	50679	date:	2011-11-15T00:00:00
db:	JVNDB	id:	JVNDB-2011-000097	date:	2011-11-04T00:00:00
db:	CNNVD	id:	CNNVD-201111-202	date:	2011-11-10T00:00:00
db:	NVD	id:	CVE-2011-3998	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-51943	date:	2011-11-09T00:00:00
db:	BID	id:	50679	date:	2011-11-15T00:00:00
db:	JVNDB	id:	JVNDB-2011-000097	date:	2011-11-04T00:00:00
db:	CNNVD	id:	CNNVD-201111-202	date:	2011-11-10T00:00:00
db:	NVD	id:	CVE-2011-3998	date:	2011-11-09T20:55:01.633