Details of VAR-201407-0092

ID

VAR-201407-0092

CVE

CVE-2014-1369

TITLE

Apple Safari Used in etc. WebKit In file: URL Vulnerabilities accessed by

Trust: 0.8

sources: JVNDB: JVNDB-2014-003065

DESCRIPTION

WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows user-assisted remote attackers to access file: URLs by leveraging a URL drag operation that originates at a crafted web site. Apple Safari Used in etc. WebKit is prone to an information-disclosure vulnerability. Successful exploits may allow the attacker to gain access to sensitive information. Information obtained may lead to further attacks. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in Apple Safari versions 6.1.4 and prior and WebKit versions 7.x prior to 7.0.5

Trust: 1.98

sources: NVD: CVE-2014-1369 // JVNDB: JVNDB-2014-003065 // BID: 68329 // VULHUB: VHN-69308

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	eq	version:	6.1.3	Trust: 1.9
vendor:	apple	model:	safari	scope:	eq	version:	6.1.1	Trust: 1.9
vendor:	apple	model:	safari	scope:	eq	version:	6.0.5	Trust: 1.9
vendor:	apple	model:	safari	scope:	eq	version:	6.0.4	Trust: 1.9
vendor:	apple	model:	safari	scope:	eq	version:	6.0.3	Trust: 1.9
vendor:	apple	model:	safari	scope:	eq	version:	6.0.2	Trust: 1.9
vendor:	apple	model:	safari	scope:	eq	version:	6.0.1	Trust: 1.9
vendor:	apple	model:	safari	scope:	eq	version:	6.1.2	Trust: 1.9
vendor:	apple	model:	safari	scope:	eq	version:	6.1	Trust: 1.9
vendor:	apple	model:	safari	scope:	eq	version:	6.0	Trust: 1.9
vendor:	apple	model:	safari	scope:	eq	version:	7.0.3	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.1	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.4	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.2	Trust: 1.3
vendor:	apple	model:	safari	scope:	lte	version:	6.1.4	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	7.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	lt	version:	7.x (os x mavericks v10.9.3)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	7.x (os x lion v10.7.5)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	7.x (os x mountain lion v10.8.5)	Trust: 0.8
vendor:	apple	model:	safari	scope:	eq	version:	6.1.5	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	(os x mavericks v10.9.3)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	7.x (os x lion server v10.7.5)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	(os x lion server v10.7.5)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	(os x lion v10.7.5)	Trust: 0.8
vendor:	apple	model:	safari	scope:	eq	version:	7.0.5	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	(os x mountain lion v10.8.5)	Trust: 0.8
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	ne	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	ne	version:	6.1.5	Trust: 0.3

sources: BID: 68329 // JVNDB: JVNDB-2014-003065 // CNNVD: CNNVD-201407-050 // NVD: CVE-2014-1369

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-1369
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-1369
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201407-050
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-69308
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-1369
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-69308
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-69308 // JVNDB: JVNDB-2014-003065 // CNNVD: CNNVD-201407-050 // NVD: CVE-2014-1369

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-69308 // JVNDB: JVNDB-2014-003065 // NVD: CVE-2014-1369

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-050

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201407-050

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003065

PATCH

title:	HT6293	url:	http://support.apple.com/kb/HT6293	Trust: 0.8
title:	HT6293	url:	http://support.apple.com/kb/HT6293?viewlocale=ja_JP	Trust: 0.8
title:	iPod4,1_6.1.5_10B400_Restore	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50809	Trust: 0.6
title:	iPhone6,1_7.1.2_11D257_Restore	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50808	Trust: 0.6
title:	iPhone6,2_7.1.2_11D257_Restore	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50807	Trust: 0.6
title:	OSXUpd10.9.4	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50806	Trust: 0.6
title:	iPhone6,2_7.0.5_11B601_Restore	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50810	Trust: 0.6

sources: JVNDB: JVNDB-2014-003065 // CNNVD: CNNVD-201407-050

EXTERNAL IDS

db:	NVD	id:	CVE-2014-1369	Trust: 2.8
db:	SECTRACK	id:	1030495	Trust: 1.1
db:	JVN	id:	JVNVU99696049	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-003065	Trust: 0.8
db:	CNNVD	id:	CNNVD-201407-050	Trust: 0.7
db:	BID	id:	68329	Trust: 0.4
db:	VULHUB	id:	VHN-69308	Trust: 0.1

sources: VULHUB: VHN-69308 // BID: 68329 // JVNDB: JVNDB-2014-003065 // CNNVD: CNNVD-201407-050 // NVD: CVE-2014-1369

REFERENCES

url:	http://archives.neohapsis.com/archives/bugtraq/2014-06/0171.html	Trust: 2.5
url:	http://www.securitytracker.com/id/1030495	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1369	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu99696049/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1369	Trust: 0.8
url:	http://www.apple.com/safari/	Trust: 0.3
url:	http://www.webkit.org/	Trust: 0.3
url:	http://support.apple.com/kb/ht6293	Trust: 0.3

sources: VULHUB: VHN-69308 // BID: 68329 // JVNDB: JVNDB-2014-003065 // CNNVD: CNNVD-201407-050 // NVD: CVE-2014-1369

CREDITS

Aaron Sigel of vtty.com

Trust: 0.3

sources: BID: 68329

SOURCES

db:	VULHUB	id:	VHN-69308
db:	BID	id:	68329
db:	JVNDB	id:	JVNDB-2014-003065
db:	CNNVD	id:	CNNVD-201407-050
db:	NVD	id:	CVE-2014-1369

LAST UPDATE DATE

2025-04-13T20:16:48.861000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-69308	date:	2015-12-08T00:00:00
db:	BID	id:	68329	date:	2014-06-30T00:00:00
db:	JVNDB	id:	JVNDB-2014-003065	date:	2014-07-09T00:00:00
db:	CNNVD	id:	CNNVD-201407-050	date:	2014-07-03T00:00:00
db:	NVD	id:	CVE-2014-1369	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-69308	date:	2014-07-01T00:00:00
db:	BID	id:	68329	date:	2014-06-30T00:00:00
db:	JVNDB	id:	JVNDB-2014-003065	date:	2014-07-02T00:00:00
db:	CNNVD	id:	CNNVD-201407-050	date:	2014-07-03T00:00:00
db:	NVD	id:	CVE-2014-1369	date:	2014-07-01T10:17:27.110