Details of VAR-201202-0148

ID

VAR-201202-0148

CVE

CVE-2011-3447

TITLE

Apple Mac OS X of CFNetwork Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2012-001282

DESCRIPTION

CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL. Apple Mac OS X is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may lead to further attacks. The vulnerability stems from CFNetwork not correctly constructing the request header in the process of parsing the URL

Trust: 2.07

sources: NVD: CVE-2011-3447 // JVNDB: JVNDB-2012-001282 // BID: 51813 // VULHUB: VHN-51392 // VULMON: CVE-2011-3447

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x server	scope:	eq	version:	10.7.0	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.7.1	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.7.2	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.7.1	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.7.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.7.0	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.7 to v10.7.2	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.7 to v10.7.2	Trust: 0.8
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	ne	version:	x10.7.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.7.3	Trust: 0.3

sources: BID: 51813 // JVNDB: JVNDB-2012-001282 // CNNVD: CNNVD-201202-071 // NVD: CVE-2011-3447

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-3447
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2011-3447
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201202-071
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-51392
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2011-3447
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2011-3447
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-51392
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-51392 // VULMON: CVE-2011-3447 // JVNDB: JVNDB-2012-001282 // CNNVD: CNNVD-201202-071 // NVD: CVE-2011-3447

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-51392 // JVNDB: JVNDB-2012-001282 // NVD: CVE-2011-3447

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201202-071

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201202-071

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001282

PATCH

title:

HT5130

url:

http://support.apple.com/kb/HT5130

Trust: 0.8

sources: JVNDB: JVNDB-2012-001282

EXTERNAL IDS

db:	NVD	id:	CVE-2011-3447	Trust: 2.9
db:	JVNDB	id:	JVNDB-2012-001282	Trust: 0.8
db:	CNNVD	id:	CNNVD-201202-071	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2012-02-01-1	Trust: 0.6
db:	BID	id:	51813	Trust: 0.5
db:	VULHUB	id:	VHN-51392	Trust: 0.1
db:	VULMON	id:	CVE-2011-3447	Trust: 0.1

sources: VULHUB: VHN-51392 // VULMON: CVE-2011-3447 // BID: 51813 // JVNDB: JVNDB-2012-001282 // CNNVD: CNNVD-201202-071 // NVD: CVE-2011-3447

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2012/feb/msg00000.html	Trust: 1.8
url:	http://support.apple.com/kb/ht5130	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3447	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu382755	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3447	Trust: 0.8
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/51813	Trust: 0.1

sources: VULHUB: VHN-51392 // VULMON: CVE-2011-3447 // BID: 51813 // JVNDB: JVNDB-2012-001282 // CNNVD: CNNVD-201202-071 // NVD: CVE-2011-3447

CREDITS

Erling Ellingsen of Facebook

Trust: 0.3

sources: BID: 51813

SOURCES

db:	VULHUB	id:	VHN-51392
db:	VULMON	id:	CVE-2011-3447
db:	BID	id:	51813
db:	JVNDB	id:	JVNDB-2012-001282
db:	CNNVD	id:	CNNVD-201202-071
db:	NVD	id:	CVE-2011-3447

LAST UPDATE DATE

2025-04-11T22:12:26.442000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-51392	date:	2012-02-03T00:00:00
db:	VULMON	id:	CVE-2011-3447	date:	2012-02-03T00:00:00
db:	BID	id:	51813	date:	2012-02-01T00:00:00
db:	JVNDB	id:	JVNDB-2012-001282	date:	2012-02-06T00:00:00
db:	CNNVD	id:	CNNVD-201202-071	date:	2012-02-06T00:00:00
db:	NVD	id:	CVE-2011-3447	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-51392	date:	2012-02-02T00:00:00
db:	VULMON	id:	CVE-2011-3447	date:	2012-02-02T00:00:00
db:	BID	id:	51813	date:	2012-02-01T00:00:00
db:	JVNDB	id:	JVNDB-2012-001282	date:	2012-02-06T00:00:00
db:	CNNVD	id:	CNNVD-201202-071	date:	2012-02-06T00:00:00
db:	NVD	id:	CVE-2011-3447	date:	2012-02-02T18:55:01.113