Details of VAR-201207-0089

ID

VAR-201207-0089

CVE

CVE-2012-3689

TITLE

Apple Safari 6.0 Used in less than WebKit Vulnerabilities that bypass the same origin policy

Trust: 0.8

sources: JVNDB: JVNDB-2012-003312

DESCRIPTION

WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site. WebKit is prone to a remote information-disclosure vulnerability. Successful exploits may allow attackers to gain access to sensitive information. Information obtained may lead to further attacks. Note: This issue was previously discussed in BID 54669 (Apple Safari Prior to 6.0 Multiple Security Vulnerabilities), but has been given its own record to better document it. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems

Trust: 1.98

sources: NVD: CVE-2012-3689 // JVNDB: JVNDB-2012-003312 // BID: 54686 // VULHUB: VHN-56970

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	eq	version:	5.0	Trust: 1.9
vendor:	apple	model:	safari	scope:	eq	version:	5.1.6	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	1.1.1	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	5.1.3	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	4.0.1	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	3	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	3.2.0	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	1.3.2	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	3.2.2	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	2.0.3	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	5.0.6	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.4	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.1	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.5	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.4	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.2	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.1	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	1.0.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.3b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.2.2b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.1.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.1b	Trust: 1.0
vendor:	apple	model:	safari	scope:	lte	version:	5.1.7	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.1.0b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.2b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.1.1b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	5.1.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.1.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0.5	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.1.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.2.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0.4	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.5	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	5.1.5	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.0b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.1.2b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.1.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.4	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0.0b1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0b1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.4	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.1.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0.0b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.2.1b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.2.0b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0.0b2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.4b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.3.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.3.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0.4	Trust: 1.0
vendor:	apple	model:	safari	scope:	lt	version:	6.0 (mac os)	Trust: 0.8
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.5	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	webkit	model:	open source project webkit r82222	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r77705	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r52833	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r52401	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r51295	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r38566	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r105591	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	2	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.x	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.2-1	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.7	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1.5	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1.4	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.6	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.4	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	ne	version:	6.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	ne	version:	6.0	Trust: 0.3

sources: BID: 54686 // JVNDB: JVNDB-2012-003312 // CNNVD: CNNVD-201207-455 // NVD: CVE-2012-3689

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-3689
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-3689
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201207-455
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-56970
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-3689
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-56970
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-56970 // JVNDB: JVNDB-2012-003312 // CNNVD: CNNVD-201207-455 // NVD: CVE-2012-3689

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-56970 // JVNDB: JVNDB-2012-003312 // NVD: CVE-2012-3689

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201207-455

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201207-455

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003312

PATCH

title:	APPLE-SA-2012-07-25-1	url:	http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html	Trust: 0.8
title:	HT5400	url:	http://support.apple.com/kb/HT5400	Trust: 0.8

sources: JVNDB: JVNDB-2012-003312

EXTERNAL IDS

db:	NVD	id:	CVE-2012-3689	Trust: 2.8
db:	JVNDB	id:	JVNDB-2012-003312	Trust: 0.8
db:	CNNVD	id:	CNNVD-201207-455	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2012-07-25-1	Trust: 0.6
db:	NSFOCUS	id:	20167	Trust: 0.6
db:	NSFOCUS	id:	20147	Trust: 0.6
db:	BID	id:	54686	Trust: 0.4
db:	VULHUB	id:	VHN-56970	Trust: 0.1

sources: VULHUB: VHN-56970 // BID: 54686 // JVNDB: JVNDB-2012-003312 // CNNVD: CNNVD-201207-455 // NVD: CVE-2012-3689

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2012/jul/msg00000.html	Trust: 1.7
url:	http://support.apple.com/kb/ht5400	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3689	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu864819	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3689	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/20167	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/20147	Trust: 0.6
url:	http://software.cisco.com/download/navigator.html?mdfid=283613663	Trust: 0.3
url:	http://www.webkit.org/	Trust: 0.3

sources: VULHUB: VHN-56970 // BID: 54686 // JVNDB: JVNDB-2012-003312 // CNNVD: CNNVD-201207-455 // NVD: CVE-2012-3689

CREDITS

David Bloom of Cue

Trust: 0.3

sources: BID: 54686

SOURCES

db:	VULHUB	id:	VHN-56970
db:	BID	id:	54686
db:	JVNDB	id:	JVNDB-2012-003312
db:	CNNVD	id:	CNNVD-201207-455
db:	NVD	id:	CVE-2012-3689

LAST UPDATE DATE

2025-04-11T22:13:40.387000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-56970	date:	2012-07-30T00:00:00
db:	BID	id:	54686	date:	2012-07-25T00:00:00
db:	JVNDB	id:	JVNDB-2012-003312	date:	2012-07-27T00:00:00
db:	CNNVD	id:	CNNVD-201207-455	date:	2012-07-26T00:00:00
db:	NVD	id:	CVE-2012-3689	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-56970	date:	2012-07-25T00:00:00
db:	BID	id:	54686	date:	2012-07-25T00:00:00
db:	JVNDB	id:	JVNDB-2012-003312	date:	2012-07-27T00:00:00
db:	CNNVD	id:	CNNVD-201207-455	date:	2012-07-26T00:00:00
db:	NVD	id:	CVE-2012-3689	date:	2012-07-25T19:55:06.007