{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-06-22T00:00:00", "descriptions": [{"lang": "en", "value": "Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-08-09T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "36452", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36452"}, {"name": "ADV-2007-2316", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2316"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=306173"}, {"name": "APPLE-SA-2007-06-22", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"}, {"name": "1018282", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018282"}, {"name": "24599", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24599"}, {"name": "26287", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26287"}, {"name": "VU#289988", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/289988"}, {"name": "ADV-2007-2731", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2731"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2400", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "36452", "refsource": "OSVDB", "url": "http://osvdb.org/36452"}, {"name": "ADV-2007-2316", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2316"}, {"name": "http://docs.info.apple.com/article.html?artnum=306173", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=306173"}, {"name": "APPLE-SA-2007-06-22", "refsource": "APPLE", "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"}, {"name": "1018282", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018282"}, {"name": "24599", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24599"}, {"name": "26287", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26287"}, {"name": "VU#289988", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/289988"}, {"name": "ADV-2007-2731", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2731"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2400", "datePublished": "2007-06-25T19:00:00", "dateReserved": "2007-04-30T00:00:00", "dateUpdated": "2007-08-09T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "6095A36B-BE17-4F65-81E6-2CAFACDF9577", "versionEndIncluding": "1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:3.0:*:windows:*:*:*:*:*", "matchCriteriaId": "A588615E-EE35-4E19-8BDA-598ED9664686", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*", "matchCriteriaId": "3E61C168-482B-412A-97E8-B1C651797EDF", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects."}, {"lang": "es", "value": "Una condici\u00f3n de carrera en Apple Safari versiones 3 Beta anteriores a 3.0.2 en Mac OS X, Windows XP, Windows Vista, y iPhone versiones anteriores a 1.0.1, permite a atacantes remotos omitir el modelo de seguridad de Java y modificar p\u00e1ginas fuera del dominio de seguridad y conducir ataques de tipo cross-site scripting (XSS) por medio de vectores relacionados con la actualizaci\u00f3n de p\u00e1ginas y redireccionamientos de HTTP."}], "id": "CVE-2007-2400", "lastModified": "2022-08-09T13:46:58.393", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-06-25T19:30:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://docs.info.apple.com/article.html?artnum=306173"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/36452"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26287"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/289988"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/24599"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securitytracker.com/id?1018282"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/2316"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/2731"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}, {"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}