Sign-up

ID

VAR-201207-0487


CVE

CVE-2012-0679


TITLE

Apple Safari 6.0 Vulnerability to read arbitrary files in less than

Trust: 0.8

sources: JVNDB: JVNDB-2012-003309

DESCRIPTION

Apple Safari before 6.0 allows remote attackers to read arbitrary files via a feed:// URL. Apple Safari is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may lead to further attacks. Note: This issue was previously discussed in BID 54669 (Apple Safari Prior to 6.0 Multiple Security Vulnerabilities), but has been given its own record to better document it. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems

Trust: 1.98

sources: NVD: CVE-2012-0679 // JVNDB: JVNDB-2012-003309 // BID: 54692 // VULHUB: VHN-53960

AFFECTED PRODUCTS

vendor:applemodel:safariscope:eqversion:5.0.4

Trust: 1.9

vendor:applemodel:safariscope:eqversion:3.1.2b

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.2.1

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.2.2b

Trust: 1.6

vendor:applemodel:safariscope:eqversion:4.0.3

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.1.1b

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.0.1

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.2.0b

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.2.1b

Trust: 1.6

vendor:applemodel:safariscope:eqversion:4.0.0b

Trust: 1.6

vendor:applemodel:safariscope:eqversion:5.0.6

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.1.4

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.1.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.0.5

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.0.2

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.0.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.0

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.3b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.1b

Trust: 1.0

vendor:applemodel:safariscope:lteversion:5.1.7

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.2b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:5.1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:5.1.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:5.1.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.0b1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0b1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:5.1.6

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.0b2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.4b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.4

Trust: 1.0

vendor:applemodel:safariscope:ltversion:6.0 (mac os)

Trust: 0.8

vendor:applemodel:safari for windowsscope:eqversion:5.1.7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.7

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.5

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.4

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.6

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.5

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.4

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:safari for windowsscope:neversion:6.0

Trust: 0.3

vendor:applemodel:safariscope:neversion:6.0

Trust: 0.3

sources: BID: 54692 // JVNDB: JVNDB-2012-003309 // CNNVD: CNNVD-201207-449 // NVD: CVE-2012-0679

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-0679
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-0679
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201207-449
value: MEDIUM

Trust: 0.6

VULHUB: VHN-53960
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-0679
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-53960
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-53960 // JVNDB: JVNDB-2012-003309 // CNNVD: CNNVD-201207-449 // NVD: CVE-2012-0679

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-53960 // JVNDB: JVNDB-2012-003309 // NVD: CVE-2012-0679

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201207-449

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201207-449

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-003309

PATCH
title:APPLE-SA-2012-07-25-1url:http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html
Trust: 0.8
title:HT5400url:http://support.apple.com/kb/HT5400
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2012-003309

EXTERNAL IDS
db:NVDid:CVE-2012-0679
Trust: 2.8
db:JVNDBid:JVNDB-2012-003309
Trust: 0.8
db:CNNVDid:CNNVD-201207-449
Trust: 0.7
db:APPLEid:APPLE-SA-2012-07-25-1
Trust: 0.6
db:NSFOCUSid:20168
Trust: 0.6
db:NSFOCUSid:20147
Trust: 0.6
db:BIDid:54692
Trust: 0.4
db:VULHUBid:VHN-53960
Trust: 0.1
sources:
            
            
            VULHUB: VHN-53960 // 
            
            
            
            BID: 54692 // 
            
            
            
            JVNDB: JVNDB-2012-003309 // 
            
            
            
            CNNVD: CNNVD-201207-449 // 
            
            
            
            NVD: CVE-2012-0679

REFERENCES
url:http://lists.apple.com/archives/security-announce/2012/jul/msg00000.html
Trust: 1.7
url:http://support.apple.com/kb/ht5400
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0679
Trust: 0.8
url:http://jvn.jp/cert/jvnvu864819
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0679
Trust: 0.8
url:http://www.nsfocus.net/vulndb/20168
Trust: 0.6
url:http://www.nsfocus.net/vulndb/20147
Trust: 0.6
url:http://www.apple.com/safari/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-53960 // 
            
            
            
            BID: 54692 // 
            
            
            
            JVNDB: JVNDB-2012-003309 // 
            
            
            
            CNNVD: CNNVD-201207-449 // 
            
            
            
            NVD: CVE-2012-0679

CREDITS
Aaron Sigel of vtty.com
Trust: 0.3
sources:
            
            
            BID: 54692

SOURCES
db:VULHUBid:VHN-53960
db:BIDid:54692
db:JVNDBid:JVNDB-2012-003309
db:CNNVDid:CNNVD-201207-449
db:NVDid:CVE-2012-0679

LAST UPDATE DATE
2025-04-11T19:36:14.532000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-53960date:2012-07-30T00:00:00
db:BIDid:54692date:2012-07-25T00:00:00
db:JVNDBid:JVNDB-2012-003309date:2012-07-27T00:00:00
db:CNNVDid:CNNVD-201207-449date:2012-07-26T00:00:00
db:NVDid:CVE-2012-0679date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-53960date:2012-07-25T00:00:00
db:BIDid:54692date:2012-07-25T00:00:00
db:JVNDBid:JVNDB-2012-003309date:2012-07-27T00:00:00
db:CNNVDid:CNNVD-201207-449date:2012-07-26T00:00:00
db:NVDid:CVE-2012-0679date:2012-07-25T19:55:01.917