Sign-up

ID

VAR-201207-0099


CVE

CVE-2012-3691


TITLE

plural Apple Used in products WebKit Vulnerabilities that bypass the same origin policy

Trust: 0.8

sources: JVNDB: JVNDB-2012-003314

DESCRIPTION

WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. WebKit is prone to a remote information-disclosure vulnerability. Successful exploits may allow attackers to gain access to sensitive information. Information obtained may lead to further attacks. Note: This issue was previously discussed in BID 54669 (Apple Safari Prior to 6.0 Multiple Security Vulnerabilities), but has been given its own record to better document it. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. A remote attacker could exploit this vulnerability to bypass the same-origin policy via a specially crafted website

Trust: 2.25

sources: NVD: CVE-2012-3691 // JVNDB: JVNDB-2012-003314 // BID: 54687 // BID: 78161 // VULHUB: VHN-56972

AFFECTED PRODUCTS

vendor:applemodel:safariscope:eqversion:5.0.1

Trust: 2.2

vendor:applemodel:safariscope:eqversion:3.1.1

Trust: 1.9

vendor:applemodel:safariscope:eqversion:2.0.3

Trust: 1.9

vendor:applemodel:safariscope:eqversion:1.3.2

Trust: 1.9

vendor:applemodel:safariscope:eqversion:4.1

Trust: 1.9

vendor:applemodel:safariscope:eqversion:5.0.6

Trust: 1.6

vendor:applemodel:safariscope:eqversion:5.1.4

Trust: 1.6

vendor:applemodel:safariscope:eqversion:5.1.1

Trust: 1.6

vendor:applemodel:safariscope:eqversion:5.1

Trust: 1.6

vendor:applemodel:safariscope:eqversion:5.0.5

Trust: 1.6

vendor:applemodel:safariscope:eqversion:5.0.4

Trust: 1.6

vendor:applemodel:safariscope:eqversion:5.0.2

Trust: 1.6

vendor:applemodel:safariscope:eqversion:5.0

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.0.4

Trust: 1.6

vendor:applemodel:safariscope:eqversion:1.0.3

Trust: 1.6

vendor:applemodel:safariscope:eqversion:5.1.6

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.1.5

Trust: 1.3

vendor:applemodel:safariscope:eqversion:4.0.5

Trust: 1.3

vendor:applemodel:safariscope:eqversion:4.0.4

Trust: 1.3

vendor:applemodel:safariscope:eqversion:4.0.3

Trust: 1.3

vendor:applemodel:safariscope:eqversion:4.0.2

Trust: 1.3

vendor:applemodel:safariscope:eqversion:4.0.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:3.1.2

Trust: 1.3

vendor:applemodel:safariscope:eqversion:2.0.4

Trust: 1.3

vendor:applemodel:safariscope:eqversion:2.0.2

Trust: 1.3

vendor:applemodel:safariscope:eqversion:2.0.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.3.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.3

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.2.3

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.2.2

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.2.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.2

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.0

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.1.3

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.1.2

Trust: 1.3

vendor:applemodel:safariscope:eqversion:4.1.2

Trust: 1.3

vendor:applemodel:safariscope:eqversion:4.1.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:4.0

Trust: 1.3

vendor:applemodel:safariscope:eqversion:3

Trust: 1.3

vendor:applemodel:safariscope:eqversion:3.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.3b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.2b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.1b

Trust: 1.0

vendor:applemodel:safariscope:lteversion:5.1.7

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.2b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.1b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.2b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.0b1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0b1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.1b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.0b2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.4b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.0

Trust: 1.0

vendor:applemodel:iosscope:ltversion:6 (ipad

Trust: 0.8

vendor:applemodel:iosscope:eqversion:ipad 2)

Trust: 0.8

vendor:applemodel:iosscope:ltversion:6 (iphone 3gs

Trust: 0.8

vendor:applemodel:iosscope:eqversion:iphone 4

Trust: 0.8

vendor:applemodel:iosscope:eqversion:iphone 4s)

Trust: 0.8

vendor:applemodel:iosscope:ltversion:6 (ipod touch first 3 after generation )

Trust: 0.8

vendor:applemodel:safariscope:ltversion:6.0 (mac os)

Trust: 0.8

vendor:applemodel:safariscope:eqversion:5.1.7

Trust: 0.6

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.5

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.3

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.2

Trust: 0.3

vendor:webkitmodel:open source project webkit r82222scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r77705scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r52833scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r52401scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r51295scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r38566scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r105591scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:2

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.x

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.2-1

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:0

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.7

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.5

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.4

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.6

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.5

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.4

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.4

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.3

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3.0.3

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.2

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3.0.2

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.1

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3.0.1

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:4.0

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3

Trust: 0.3

sources: BID: 54687 // BID: 78161 // JVNDB: JVNDB-2012-003314 // CNNVD: CNNVD-201207-457 // NVD: CVE-2012-3691

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-3691
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-3691
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201207-457
value: MEDIUM

Trust: 0.6

VULHUB: VHN-56972
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-3691
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-56972
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-56972 // JVNDB: JVNDB-2012-003314 // CNNVD: CNNVD-201207-457 // NVD: CVE-2012-3691

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-56972 // JVNDB: JVNDB-2012-003314 // NVD: CVE-2012-3691

THREAT TYPE

network

Trust: 0.6

sources: BID: 54687 // BID: 78161

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201207-457

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-003314

PATCH
title:APPLE-SA-2012-07-25-1url:http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html
Trust: 0.8
title:HT5503url:http://support.apple.com/kb/HT5503
Trust: 0.8
title:HT5400url:http://support.apple.com/kb/HT5400
Trust: 0.8
title:HT5400url:http://support.apple.com/kb/HT5400?viewlocale=ja_JP
Trust: 0.8
title:HT5503url:http://support.apple.com/kb/HT5503?viewlocale=ja_JP
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2012-003314

EXTERNAL IDS
db:NVDid:CVE-2012-3691
Trust: 3.1
db:JVNDBid:JVNDB-2012-003314
Trust: 0.8
db:CNNVDid:CNNVD-201207-457
Trust: 0.7
db:APPLEid:APPLE-SA-2012-07-25-1
Trust: 0.6
db:NSFOCUSid:20147
Trust: 0.6
db:NSFOCUSid:20166
Trust: 0.6
db:BIDid:54687
Trust: 0.4
db:BIDid:78161
Trust: 0.4
db:VULHUBid:VHN-56972
Trust: 0.1
sources:
            
            
            VULHUB: VHN-56972 // 
            
            
            
            BID: 54687 // 
            
            
            
            BID: 78161 // 
            
            
            
            JVNDB: JVNDB-2012-003314 // 
            
            
            
            CNNVD: CNNVD-201207-457 // 
            
            
            
            NVD: CVE-2012-3691

REFERENCES
url:http://lists.apple.com/archives/security-announce/2012/jul/msg00000.html
Trust: 2.0
url:http://support.apple.com/kb/ht5400
Trust: 2.0
url:http://lists.apple.com/archives/security-announce/2012/sep/msg00003.html
Trust: 1.4
url:http://support.apple.com/kb/ht5503
Trust: 1.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3691
Trust: 0.8
url:http://jvn.jp/cert/jvnvu864819
Trust: 0.8
url:http://jvn.jp/cert/jvnvu624491/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3691
Trust: 0.8
url:http://www.nsfocus.net/vulndb/20166
Trust: 0.6
url:http://www.nsfocus.net/vulndb/20147
Trust: 0.6
url:http://www.apple.com
Trust: 0.3
url:http://www.webkit.org/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-56972 // 
            
            
            
            BID: 54687 // 
            
            
            
            BID: 78161 // 
            
            
            
            JVNDB: JVNDB-2012-003314 // 
            
            
            
            CNNVD: CNNVD-201207-457 // 
            
            
            
            NVD: CVE-2012-3691

CREDITS
Apple
Trust: 0.3
sources:
            
            
            BID: 54687

SOURCES
db:VULHUBid:VHN-56972
db:BIDid:54687
db:BIDid:78161
db:JVNDBid:JVNDB-2012-003314
db:CNNVDid:CNNVD-201207-457
db:NVDid:CVE-2012-3691

LAST UPDATE DATE
2025-04-11T19:57:32.665000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-56972date:2012-09-22T00:00:00
db:BIDid:54687date:2012-09-19T22:10:00
db:BIDid:78161date:2012-07-25T00:00:00
db:JVNDBid:JVNDB-2012-003314date:2012-10-16T00:00:00
db:CNNVDid:CNNVD-201207-457date:2012-07-26T00:00:00
db:NVDid:CVE-2012-3691date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-56972date:2012-07-25T00:00:00
db:BIDid:54687date:2012-07-25T00:00:00
db:BIDid:78161date:2012-07-25T00:00:00
db:JVNDBid:JVNDB-2012-003314date:2012-07-27T00:00:00
db:CNNVDid:CNNVD-201207-457date:2012-07-26T00:00:00
db:NVDid:CVE-2012-3691date:2012-07-25T19:55:06.087