Details of VAR-201310-0496

ID

VAR-201310-0496

CVE

CVE-2013-5130

TITLE

Apple Safari Used in products such as WebKit Vulnerable to browsing information

Trust: 0.8

sources: JVNDB: JVNDB-2013-004871

DESCRIPTION

WebKit in Apple Safari before 6.1 disables the Private Browsing feature upon a launch of the Web Inspector, which makes it easier for context-dependent attackers to obtain browsing information by leveraging LocalStorage/ files. This vulnerability Webkit Vulnerability in Webkit Other products that use may also be affected.By the attacker, LocalStorage/ Browsing information may be obtained by using the file. An attacker may exploit this issue by enticing victims into viewing a malicious webpage. Note: Very limited information is currently available regarding this issue. We will update this BID as more information emerges. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome

Trust: 1.98

sources: NVD: CVE-2013-5130 // JVNDB: JVNDB-2013-004871 // BID: 63289 // VULHUB: VHN-65132

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	eq	version:	6.0.1	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	6.0.2	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	6.0	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	6.0.4	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	6.0.3	Trust: 1.6
vendor:	apple	model:	safari	scope:	lte	version:	6.0.5	Trust: 1.0
vendor:	apple	model:	safari	scope:	lt	version:	6.1 (apple mac os x server v10.7.5)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	6.1 (apple mac os x v10.7.5)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	6.1 (apple mac os x v10.8.5)	Trust: 0.8
vendor:	apple	model:	safari	scope:	eq	version:	6.0.5	Trust: 0.6
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.5	Trust: 0.3

sources: BID: 63289 // JVNDB: JVNDB-2013-004871 // CNNVD: CNNVD-201310-606 // NVD: CVE-2013-5130

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5130
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-5130
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201310-606
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-65132
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-5130
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-65132
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-65132 // JVNDB: JVNDB-2013-004871 // CNNVD: CNNVD-201310-606 // NVD: CVE-2013-5130

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-65132 // JVNDB: JVNDB-2013-004871 // NVD: CVE-2013-5130

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-606

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201310-606

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004871

PATCH

title:	APPLE-SA-2013-10-22-2	url:	http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html	Trust: 0.8
title:	HT6000	url:	http://support.apple.com/kb/HT6000	Trust: 0.8
title:	HT6000	url:	http://support.apple.com/kb/HT6000?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2013-004871

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5130	Trust: 2.8
db:	JVN	id:	JVNVU95174988	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-004871	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-606	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2013-10-22-2	Trust: 0.6
db:	BID	id:	63289	Trust: 0.4
db:	VULHUB	id:	VHN-65132	Trust: 0.1

sources: VULHUB: VHN-65132 // BID: 63289 // JVNDB: JVNDB-2013-004871 // CNNVD: CNNVD-201310-606 // NVD: CVE-2013-5130

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2013/oct/msg00003.html	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5130	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu95174988/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5130	Trust: 0.8
url:	http://www.webkit.org/	Trust: 0.3
url:	http://prod.lists.apple.com/archives/security-announce/2013/oct/msg00003.html	Trust: 0.3

sources: VULHUB: VHN-65132 // BID: 63289 // JVNDB: JVNDB-2013-004871 // CNNVD: CNNVD-201310-606 // NVD: CVE-2013-5130

CREDITS

Google Chrome Security Team

Trust: 0.3

sources: BID: 63289

SOURCES

db:	VULHUB	id:	VHN-65132
db:	BID	id:	63289
db:	JVNDB	id:	JVNDB-2013-004871
db:	CNNVD	id:	CNNVD-201310-606
db:	NVD	id:	CVE-2013-5130

LAST UPDATE DATE

2025-04-11T21:00:47.039000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-65132	date:	2013-10-24T00:00:00
db:	BID	id:	63289	date:	2013-10-22T00:00:00
db:	JVNDB	id:	JVNDB-2013-004871	date:	2013-10-31T00:00:00
db:	CNNVD	id:	CNNVD-201310-606	date:	2013-10-25T00:00:00
db:	NVD	id:	CVE-2013-5130	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-65132	date:	2013-10-24T00:00:00
db:	BID	id:	63289	date:	2013-10-22T00:00:00
db:	JVNDB	id:	JVNDB-2013-004871	date:	2013-10-25T00:00:00
db:	CNNVD	id:	CNNVD-201310-606	date:	2013-10-25T00:00:00
db:	NVD	id:	CVE-2013-5130	date:	2013-10-24T10:53:09.723