CVE-2007-2400 - Vulnerability Details - OpenCVE

Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Iphone Os Mac Os X Safari
Microsoft	Windows Vista Windows Xp

Configuration 1 [-]

AND

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:microsoft:windows_vista::::::::
	cpe:2.3:o:microsoft:windows_xp::::::::

OR	cpe:2.3:a:apple:safari:3.0::windows:::::
	cpe:2.3:a:apple:safari:3.0.1::windows:::::

No data.

References

Link	Providers
http://docs.info.apple.com/article.html?artnum=306173
http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html
http://osvdb.org/36452
http://secunia.com/advisories/26287
http://www.kb.cert.org/vuls/id/289988
http://www.securityfocus.com/bid/24599
http://www.securitytracker.com/id?1018282
http://www.vupen.com/english/advisories/2007/2316
http://www.vupen.com/english/advisories/2007/2731

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-06-25T19:00:00

Updated: 2024-08-07T13:33:28.684Z

Reserved: 2007-04-30T00:00:00

Link: CVE-2007-2400

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-06-25T19:30:00.000

Modified: 2024-11-21T00:30:41.750

Link: CVE-2007-2400

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-06-22T00:00:00", "descriptions": [{"lang": "en", "value": "Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-08-09T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "36452", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36452"}, {"name": "ADV-2007-2316", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2316"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=306173"}, {"name": "APPLE-SA-2007-06-22", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"}, {"name": "1018282", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018282"}, {"name": "24599", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24599"}, {"name": "26287", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26287"}, {"name": "VU#289988", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/289988"}, {"name": "ADV-2007-2731", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2731"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2400", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "36452", "refsource": "OSVDB", "url": "http://osvdb.org/36452"}, {"name": "ADV-2007-2316", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2316"}, {"name": "http://docs.info.apple.com/article.html?artnum=306173", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=306173"}, {"name": "APPLE-SA-2007-06-22", "refsource": "APPLE", "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"}, {"name": "1018282", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018282"}, {"name": "24599", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24599"}, {"name": "26287", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26287"}, {"name": "VU#289988", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/289988"}, {"name": "ADV-2007-2731", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2731"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:33:28.684Z"}, "title": "CVE Program Container", "references": [{"name": "36452", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36452"}, {"name": "ADV-2007-2316", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2316"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=306173"}, {"name": "APPLE-SA-2007-06-22", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"}, {"name": "1018282", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018282"}, {"name": "24599", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24599"}, {"name": "26287", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26287"}, {"name": "VU#289988", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/289988"}, {"name": "ADV-2007-2731", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2731"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2400", "datePublished": "2007-06-25T19:00:00", "dateReserved": "2007-04-30T00:00:00", "dateUpdated": "2024-08-07T13:33:28.684Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "6095A36B-BE17-4F65-81E6-2CAFACDF9577", "versionEndIncluding": "1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:3.0:*:windows:*:*:*:*:*", "matchCriteriaId": "A588615E-EE35-4E19-8BDA-598ED9664686", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*", "matchCriteriaId": "3E61C168-482B-412A-97E8-B1C651797EDF", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects."}, {"lang": "es", "value": "Una condici\u00f3n de carrera en Apple Safari versiones 3 Beta anteriores a 3.0.2 en Mac OS X, Windows XP, Windows Vista, y iPhone versiones anteriores a 1.0.1, permite a atacantes remotos omitir el modelo de seguridad de Java y modificar p\u00e1ginas fuera del dominio de seguridad y conducir ataques de tipo cross-site scripting (XSS) por medio de vectores relacionados con la actualizaci\u00f3n de p\u00e1ginas y redireccionamientos de HTTP."}], "id": "CVE-2007-2400", "lastModified": "2024-11-21T00:30:41.750", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-06-25T19:30:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://docs.info.apple.com/article.html?artnum=306173"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/36452"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26287"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/289988"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/24599"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securitytracker.com/id?1018282"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/2316"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/2731"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://docs.info.apple.com/article.html?artnum=306173"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/36452"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26287"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/289988"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/24599"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securitytracker.com/id?1018282"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/2316"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/2731"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}