Details of VAR-201207-0091

ID

VAR-201207-0091

CVE

CVE-2012-3694

TITLE

Apple Safari 6.0 Used in less than WebKit Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2012-003316

DESCRIPTION

WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to obtain sensitive information about full pathnames via a crafted web site. WebKit is prone to an information-disclosure vulnerability. Successful exploits may allow an attacker to obtain sensitive information. Note: This issue was previously discussed in BID 54669 (Apple Safari Prior to 6.0 Multiple Security Vulnerabilities), but has been given its own record to better document it. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. A vulnerability exists in WebKit in versions prior to Apple Safari 6.0 due to improper handling of the drag-and-drop event

Trust: 1.98

sources: NVD: CVE-2012-3694 // JVNDB: JVNDB-2012-003316 // BID: 54694 // VULHUB: VHN-56975

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	eq	version:	5.0.4	Trust: 1.9
vendor:	apple	model:	safari	scope:	eq	version:	3.1.2b	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	1.1.1	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	3.2.1	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	4.0.3	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	3.0.1	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	3.2.0b	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	3.2.1b	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	4.0	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	5.0.6	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.4	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.1	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.5	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.2	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.1	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	1.0.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.3.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.3b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.2.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.2.2b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.1.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.1b	Trust: 1.0
vendor:	apple	model:	safari	scope:	lte	version:	5.1.7	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.1.0b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.2b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.1.1b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	5.1.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.1.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0.5	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.1.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0.4	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	5.1.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.5	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.2.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	5.1.5	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.0b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.1.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.4	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0.0b1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0b1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.4	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.1.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0.0b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	5.1.6	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0.0b2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.4b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.3.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.3.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0.4	Trust: 1.0
vendor:	apple	model:	safari	scope:	lt	version:	6.0 (mac os)	Trust: 0.8
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.5	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	webkit	model:	open source project webkit r82222	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r77705	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r52833	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r52401	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r51295	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r38566	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r105591	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	2	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.x	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.2-1	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.7	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1.5	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1.4	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.6	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.4	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	ne	version:	6.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	ne	version:	6.0	Trust: 0.3

sources: BID: 54694 // JVNDB: JVNDB-2012-003316 // CNNVD: CNNVD-201207-459 // NVD: CVE-2012-3694

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-3694
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-3694
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201207-459
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-56975
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-3694
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-56975
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-56975 // JVNDB: JVNDB-2012-003316 // CNNVD: CNNVD-201207-459 // NVD: CVE-2012-3694

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-56975 // JVNDB: JVNDB-2012-003316 // NVD: CVE-2012-3694

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201207-459

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201207-459

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003316

PATCH

title:	APPLE-SA-2012-07-25-1	url:	http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html	Trust: 0.8
title:	HT5400	url:	http://support.apple.com/kb/HT5400	Trust: 0.8

sources: JVNDB: JVNDB-2012-003316

EXTERNAL IDS

db:	NVD	id:	CVE-2012-3694	Trust: 2.8
db:	JVNDB	id:	JVNDB-2012-003316	Trust: 0.8
db:	CNNVD	id:	CNNVD-201207-459	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2012-07-25-1	Trust: 0.6
db:	NSFOCUS	id:	20147	Trust: 0.6
db:	NSFOCUS	id:	20165	Trust: 0.6
db:	BID	id:	54694	Trust: 0.4
db:	VULHUB	id:	VHN-56975	Trust: 0.1

sources: VULHUB: VHN-56975 // BID: 54694 // JVNDB: JVNDB-2012-003316 // CNNVD: CNNVD-201207-459 // NVD: CVE-2012-3694

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2012/jul/msg00000.html	Trust: 1.7
url:	http://support.apple.com/kb/ht5400	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3694	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu864819	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3694	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/20165	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/20147	Trust: 0.6
url:	http://www.apple.com/safari/	Trust: 0.3
url:	http://www.webkit.org/	Trust: 0.3

sources: VULHUB: VHN-56975 // BID: 54694 // JVNDB: JVNDB-2012-003316 // CNNVD: CNNVD-201207-459 // NVD: CVE-2012-3694

CREDITS

Daniel Cheng of Google and Aaron Sigel of vtty.com

Trust: 0.3

sources: BID: 54694

SOURCES

db:	VULHUB	id:	VHN-56975
db:	BID	id:	54694
db:	JVNDB	id:	JVNDB-2012-003316
db:	CNNVD	id:	CNNVD-201207-459
db:	NVD	id:	CVE-2012-3694

LAST UPDATE DATE

2025-04-11T19:37:06.334000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-56975	date:	2012-11-30T00:00:00
db:	BID	id:	54694	date:	2012-07-25T00:00:00
db:	JVNDB	id:	JVNDB-2012-003316	date:	2012-12-03T00:00:00
db:	CNNVD	id:	CNNVD-201207-459	date:	2012-07-26T00:00:00
db:	NVD	id:	CVE-2012-3694	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-56975	date:	2012-07-25T00:00:00
db:	BID	id:	54694	date:	2012-07-25T00:00:00
db:	JVNDB	id:	JVNDB-2012-003316	date:	2012-07-27T00:00:00
db:	CNNVD	id:	CNNVD-201207-459	date:	2012-07-26T00:00:00
db:	NVD	id:	CVE-2012-3694	date:	2012-07-25T19:55:06.167