CVE-2007-4696 - OpenCVE

Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Mac Os X Mac Os X Server

Configuration 1 [-]

OR	cpe:2.3:o:apple:mac_os_x:10.4.1:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.2:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.3:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.4:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.5:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.6:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.7:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.8:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.9:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.10:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.1:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.2:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.3:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.4:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.5:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.6:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.7:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.8:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.9:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.10:::::::*

References

Link	Resource
http://docs.info.apple.com/article.html?artnum=307041
http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html	Patch
http://secunia.com/advisories/27643	Vendor Advisory
http://securitytracker.com/id?1018948
http://www.securityfocus.com/bid/26444
http://www.us-cert.gov/cas/techalerts/TA07-319A.html	US Government Resource
http://www.vupen.com/english/advisories/2007/3868

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-11-15T01:00:00

Updated: 2007-11-17T10:00:00

Reserved: 2007-09-05T00:00:00

Link: CVE-2007-4696

JSON object: View

NVD Information

Status : Modified

Published: 2007-11-15T01:46:00.000

Modified: 2011-03-08T02:59:01.813

Link: CVE-2007-4696

JSON object: View

Redhat Information

No data.

CWE

CWE-362

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-11-14T00:00:00", "descriptions": [{"lang": "en", "value": "Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to \"page transitions\" in Safari."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-11-17T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "26444", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26444"}, {"name": "APPLE-SA-2007-11-14", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=307041"}, {"name": "1018948", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1018948"}, {"name": "ADV-2007-3868", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3868"}, {"name": "27643", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27643"}, {"name": "TA07-319A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4696", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to \"page transitions\" in Safari."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "26444", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26444"}, {"name": "APPLE-SA-2007-11-14", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"}, {"name": "http://docs.info.apple.com/article.html?artnum=307041", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=307041"}, {"name": "1018948", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018948"}, {"name": "ADV-2007-3868", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3868"}, {"name": "27643", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27643"}, {"name": "TA07-319A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4696", "datePublished": "2007-11-15T01:00:00", "dateReserved": "2007-09-05T00:00:00", "dateUpdated": "2007-11-17T10:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "AFD4DE58-46C7-4E69-BF36-C5FD768B8248", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "CF824694-52DE-44E3-ACAD-60B2A84CD3CE", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "B73A0891-A37A-4E0D-AA73-B18BFD6B1447", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "26AC38AB-D689-4B2B-9DAE-F03F4DFD15BE", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "0C580935-0091-4163-B747-750FB7686973", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "BB0F2132-8431-4CEF-9A3D-A69425E3834E", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "8719F3C4-F1DE-49B5-9301-22414A2B6F9C", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "09ED46A8-1739-411C-8807-2A416BDB6DFE", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "786BB737-EA99-4EC6-B742-0C35BF2453F9", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "8D089858-3AF9-4B82-912D-AA33F25E3715", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "29644501-54BD-45E9-A6C1-618892CD354F", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "8A132487-E89F-4D0D-8366-14AFC904811F", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "FD231103-D7C7-4697-BE90-D67558D6115C", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "BCADAAA0-C885-466C-A122-A94E73EAF817", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "448DB1C7-7B0C-4076-9B9F-1CDCD5EB6930", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "2BE429EF-24D4-453A-8B43-8CCEF5D72773", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "8AC9692A-CE81-446D-B136-449662C4B9A2", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "504D78AB-5374-48C9-B357-DB6BD2267D2D", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "3029892E-1375-4F40-83D3-A51BDC4E9840", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "81F8DA6D-2258-4138-8FB2-90BE3C68B230", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to \"page transitions\" in Safari."}, {"lang": "es", "value": "Condici\u00f3n de carrera en WebCore de Apple Mac OS X 10.4 hasta 10.4.10 permite a atacantes remotos obtener informaci\u00f3n confidencial de formularios de otros sitios mediante vectores desconocidos relativos a \"transiciones de p\u00e1gina\" en Safari."}], "id": "CVE-2007-4696", "lastModified": "2011-03-08T02:59:01.813", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-11-15T01:46:00.000", "references": [{"source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=307041"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27643"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1018948"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26444"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3868"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}