Details of VAR-201207-0097

ID

VAR-201207-0097

CVE

CVE-2012-3696

TITLE

plural Apple Used in products WebKit In CRLF Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2012-003318

DESCRIPTION

CRLF injection vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP request splitting attacks via a crafted web site that leverages improper WebSockets URI handling. Note: This issue was previously discussed in BID 54669 (Apple Safari Prior to 6.0 Multiple Security Vulnerabilities), but has been given its own record to better document it. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. A CRLF injection vulnerability exists in Apple Safari versions prior to 6.0

Trust: 1.98

sources: NVD: CVE-2012-3696 // JVNDB: JVNDB-2012-003318 // BID: 54700 // VULHUB: VHN-56977

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	eq	version:	5.0.1	Trust: 1.9
vendor:	apple	model:	safari	scope:	eq	version:	1.2.0	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	3.0.1b	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	1.0.0b2	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	1.0b1	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	1.0.1	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	3.0.1	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	1.0.0b1	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	1.3.0	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	1.0.2	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	5.0.6	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.4	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.1	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.5	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.4	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.2	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	1.0.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.3.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.3b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.2.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.2.2b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.1.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	lte	version:	5.1.7	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.1.0b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.2b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.1.1b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	5.1.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.1.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0.5	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.1.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.2.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0.4	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	5.1.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.5	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.2.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	5.1.5	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.0b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.1.2b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.1.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.0.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.4	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.4	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.1.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.0.0b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.2.1b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.2.0b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	5.1.6	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	4.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.4b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.3.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.1.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0.4	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	6 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	6 (iphone 3gs or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	6 (ipod touch first 4 after generation )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	6.0 (mac os)	Trust: 0.8
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.5	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	2	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.7	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1.5	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1.4	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.6	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.4	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 54700 // JVNDB: JVNDB-2012-003318 // CNNVD: CNNVD-201207-461 // NVD: CVE-2012-3696

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-3696
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-3696
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201207-461
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-56977
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-3696
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-56977
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-56977 // JVNDB: JVNDB-2012-003318 // CNNVD: CNNVD-201207-461 // NVD: CVE-2012-3696

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-56977 // JVNDB: JVNDB-2012-003318 // NVD: CVE-2012-3696

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201207-461

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201207-461

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003318

PATCH

title:	APPLE-SA-2012-07-25-1	url:	http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html	Trust: 0.8
title:	HT5503	url:	http://support.apple.com/kb/HT5503	Trust: 0.8
title:	HT5400	url:	http://support.apple.com/kb/HT5400	Trust: 0.8
title:	HT5503	url:	http://support.apple.com/kb/HT5503?viewlocale=ja_JP	Trust: 0.8
title:	HT5400	url:	http://support.apple.com/kb/HT5400?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2012-003318

EXTERNAL IDS

db:	NVD	id:	CVE-2012-3696	Trust: 2.8
db:	BID	id:	54700	Trust: 1.4
db:	JVNDB	id:	JVNDB-2012-003318	Trust: 0.8
db:	CNNVD	id:	CNNVD-201207-461	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2012-07-25-1	Trust: 0.6
db:	NSFOCUS	id:	20147	Trust: 0.6
db:	NSFOCUS	id:	20160	Trust: 0.6
db:	VULHUB	id:	VHN-56977	Trust: 0.1

sources: VULHUB: VHN-56977 // BID: 54700 // JVNDB: JVNDB-2012-003318 // CNNVD: CNNVD-201207-461 // NVD: CVE-2012-3696

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2012/jul/msg00000.html	Trust: 1.7
url:	http://support.apple.com/kb/ht5400	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2012/sep/msg00003.html	Trust: 1.1
url:	http://www.securityfocus.com/bid/54700	Trust: 1.1
url:	http://support.apple.com/kb/ht5503	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3696	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu864819/index.html	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu624491/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3696	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/20160	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/20147	Trust: 0.6
url:	http://www.apple.com/safari/	Trust: 0.3
url:	http://www.webkit.org/	Trust: 0.3

sources: VULHUB: VHN-56977 // BID: 54700 // JVNDB: JVNDB-2012-003318 // CNNVD: CNNVD-201207-461 // NVD: CVE-2012-3696

CREDITS

David Belcher of the BlackBerry Security Incident Response Team

Trust: 0.3

sources: BID: 54700

SOURCES

db:	VULHUB	id:	VHN-56977
db:	BID	id:	54700
db:	JVNDB	id:	JVNDB-2012-003318
db:	CNNVD	id:	CNNVD-201207-461
db:	NVD	id:	CVE-2012-3696

LAST UPDATE DATE

2025-04-11T20:09:20.003000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-56977	date:	2013-03-22T00:00:00
db:	BID	id:	54700	date:	2012-09-19T22:10:00
db:	JVNDB	id:	JVNDB-2012-003318	date:	2012-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201207-461	date:	2012-07-26T00:00:00
db:	NVD	id:	CVE-2012-3696	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-56977	date:	2012-07-25T00:00:00
db:	BID	id:	54700	date:	2012-07-25T00:00:00
db:	JVNDB	id:	JVNDB-2012-003318	date:	2012-07-27T00:00:00
db:	CNNVD	id:	CNNVD-201207-461	date:	2012-07-26T00:00:00
db:	NVD	id:	CVE-2012-3696	date:	2012-07-25T19:55:06.243