Details of VAR-201312-0485

ID

VAR-201312-0485

CVE

CVE-2013-7127

TITLE

Apple Mac OS X Run on Safari Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2013-005600

DESCRIPTION

Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file. Apple Safari is prone to an information-disclosure vulnerability. Successful exploits may allow attackers to gain access to sensitive information. Information obtained may lead to further attacks. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems

Trust: 1.98

sources: NVD: CVE-2013-7127 // JVNDB: JVNDB-2013-005600 // BID: 64409 // VULHUB: VHN-67129

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	eq	version:	6.0.5	Trust: 2.7
vendor:	apple	model:	mac os x	scope:	eq	version:	10.7.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.8.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.7.5	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.8.5	Trust: 0.8
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	ne	version:	6.1	Trust: 0.3

sources: BID: 64409 // JVNDB: JVNDB-2013-005600 // CNNVD: CNNVD-201312-360 // NVD: CVE-2013-7127

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-7127
value:	LOW
Trust: 1.0
NVD:	CVE-2013-7127
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201312-360
value:	LOW
Trust: 0.6
VULHUB:	VHN-67129
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2013-7127
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-67129
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-67129 // JVNDB: JVNDB-2013-005600 // CNNVD: CNNVD-201312-360 // NVD: CVE-2013-7127

PROBLEMTYPE DATA

problemtype:

CWE-310

Trust: 1.9

sources: VULHUB: VHN-67129 // JVNDB: JVNDB-2013-005600 // NVD: CVE-2013-7127

THREAT TYPE

local

Trust: 0.9

sources: BID: 64409 // CNNVD: CNNVD-201312-360

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201312-360

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005600

PATCH

title:	APPLE-SA-2013-10-22-2	url:	http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html	Trust: 0.8
title:	HT6000	url:	http://support.apple.com/kb/HT6000	Trust: 0.8
title:	HT6000	url:	http://support.apple.com/kb/HT6000?viewlocale=ja_JP	Trust: 0.8
title:	OSXUpd10.9.1	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47180	Trust: 0.6

sources: JVNDB: JVNDB-2013-005600 // CNNVD: CNNVD-201312-360

EXTERNAL IDS

db:	NVD	id:	CVE-2013-7127	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-005600	Trust: 0.8
db:	CNNVD	id:	CNNVD-201312-360	Trust: 0.7
db:	BID	id:	64409	Trust: 0.4
db:	VULHUB	id:	VHN-67129	Trust: 0.1

sources: VULHUB: VHN-67129 // BID: 64409 // JVNDB: JVNDB-2013-005600 // CNNVD: CNNVD-201312-360 // NVD: CVE-2013-7127

REFERENCES

url:	http://www.securelist.com/en/blog/8168/loophole_in_safari	Trust: 2.8
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/89941	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7127	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7127	Trust: 0.8
url:	http://www.apple.com/safari/	Trust: 0.3

sources: VULHUB: VHN-67129 // BID: 64409 // JVNDB: JVNDB-2013-005600 // CNNVD: CNNVD-201312-360 // NVD: CVE-2013-7127

CREDITS

Vyacheslav Zakorzhevsky

Trust: 0.3

sources: BID: 64409

SOURCES

db:	VULHUB	id:	VHN-67129
db:	BID	id:	64409
db:	JVNDB	id:	JVNDB-2013-005600
db:	CNNVD	id:	CNNVD-201312-360
db:	NVD	id:	CVE-2013-7127

LAST UPDATE DATE

2025-04-11T22:55:49.711000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-67129	date:	2017-08-29T00:00:00
db:	BID	id:	64409	date:	2013-12-13T00:00:00
db:	JVNDB	id:	JVNDB-2013-005600	date:	2013-12-19T00:00:00
db:	CNNVD	id:	CNNVD-201312-360	date:	2013-12-19T00:00:00
db:	NVD	id:	CVE-2013-7127	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-67129	date:	2013-12-17T00:00:00
db:	BID	id:	64409	date:	2013-12-13T00:00:00
db:	JVNDB	id:	JVNDB-2013-005600	date:	2013-12-19T00:00:00
db:	CNNVD	id:	CNNVD-201312-360	date:	2013-12-19T00:00:00
db:	NVD	id:	CVE-2013-7127	date:	2013-12-17T15:21:28.887