CVE-2007-2400

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-2400
Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://docs.info.apple.com/article.html?artnum=306173 Vendor Advisory
http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html Patch Vendor Advisory
http://osvdb.org/36452
http://secunia.com/advisories/26287 Vendor Advisory
http://www.kb.cert.org/vuls/id/289988 US Government Resource
http://www.securityfocus.com/bid/24599 Patch
http://www.securitytracker.com/id?1018282 Patch
http://www.vupen.com/english/advisories/2007/2316 Vendor Advisory
http://www.vupen.com/english/advisories/2007/2731 Vendor Advisory
http://docs.info.apple.com/article.html?artnum=306173 Vendor Advisory
http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html Patch Vendor Advisory
http://osvdb.org/36452
http://secunia.com/advisories/26287 Vendor Advisory
http://www.kb.cert.org/vuls/id/289988 US Government Resource
http://www.securityfocus.com/bid/24599 Patch
http://www.securitytracker.com/id?1018282 Patch
http://www.vupen.com/english/advisories/2007/2316 Vendor Advisory
http://www.vupen.com/english/advisories/2007/2731 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*
OR cpe:2.3:a:apple:safari:3.0:*:windows:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*
History

21 Nov 2024, 00:30

Type Values Removed Values Added
References () http://docs.info.apple.com/article.html?artnum=306173 - Vendor Advisory () http://docs.info.apple.com/article.html?artnum=306173 - Vendor Advisory
References () http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html - Patch, Vendor Advisory () http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html - Patch, Vendor Advisory
References () http://osvdb.org/36452 - () http://osvdb.org/36452 -
References () http://secunia.com/advisories/26287 - Vendor Advisory () http://secunia.com/advisories/26287 - Vendor Advisory
References () http://www.kb.cert.org/vuls/id/289988 - US Government Resource () http://www.kb.cert.org/vuls/id/289988 - US Government Resource
References () http://www.securityfocus.com/bid/24599 - Patch () http://www.securityfocus.com/bid/24599 - Patch
References () http://www.securitytracker.com/id?1018282 - Patch () http://www.securitytracker.com/id?1018282 - Patch
References () http://www.vupen.com/english/advisories/2007/2316 - Vendor Advisory () http://www.vupen.com/english/advisories/2007/2316 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2007/2731 - Vendor Advisory () http://www.vupen.com/english/advisories/2007/2731 - Vendor Advisory

09 Aug 2022, 13:46

Type Values Removed Values Added
CPE cpe:2.3:h:apple:iphone:*:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Information

Published : 2007-06-25 19:30

Updated : 2024-11-21 00:30

NVD link : CVE-2007-2400

Mitre link : CVE-2007-2400

CVE.ORG link : CVE-2007-2400

JSON object : View

Products Affected

apple

  • safari
  • mac_os_x
  • iphone_os

microsoft

  • windows_xp
  • windows_vista
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')