CVE-2007-5858 - OpenCVE

WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Iphone Os Ipod Touch Safari Iphone Mac Os X

Configuration 1 [-]

AND

OR	cpe:2.3:o:apple:mac_os_x:10.4.11:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.1:::::::*

OR	cpe:2.3:h:apple:iphone:1.0:::::::*
	cpe:2.3:h:apple:iphone:1.02:::::::*
	cpe:2.3:h:apple:ipod_touch:1.1:::::::*
	cpe:2.3:h:apple:ipod_touch:1.1.1:::::::*
	cpe:2.3:h:apple:ipod_touch:1.1.2:::::::*
	cpe:2.3:o:apple:iphone_os:1.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:1.0.2:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.1:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.2:::::::*

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

References

Link	Resource
http://docs.info.apple.com/article.html?artnum=307178
http://docs.info.apple.com/article.html?artnum=307179
http://docs.info.apple.com/article.html?artnum=307302
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html
http://secunia.com/advisories/28136	Vendor Advisory
http://secunia.com/advisories/28497	Vendor Advisory
http://securitytracker.com/id?1019108
http://www.securityfocus.com/bid/26911
http://www.us-cert.gov/cas/techalerts/TA07-352A.html	US Government Resource
http://www.vupen.com/english/advisories/2007/4238	Vendor Advisory
http://www.vupen.com/english/advisories/2008/0147	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/39091

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-12-19T21:00:00

Updated: 2017-07-28T12:57:01

Reserved: 2007-11-06T00:00:00

Link: CVE-2007-5858

JSON object: View

NVD Information

Status : Modified

Published: 2007-12-19T21:46:00.000

Modified: 2022-08-09T13:46:58.963

Link: CVE-2007-5858

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-12-17T00:00:00", "descriptions": [{"lang": "en", "value": "WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to \"navigate the subframes of any other page,\" which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=307178"}, {"name": "ADV-2007-4238", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/4238"}, {"name": "TA07-352A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"}, {"name": "28136", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28136"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=307302"}, {"name": "safari-webkit-security-bypass(39091)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39091"}, {"name": "APPLE-SA-2007-12-17", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"}, {"name": "28497", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28497"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=307179"}, {"name": "26911", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26911"}, {"name": "APPLE-SA-2008-01-15", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html"}, {"name": "ADV-2008-0147", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0147"}, {"name": "1019108", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1019108"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5858", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to \"navigate the subframes of any other page,\" which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://docs.info.apple.com/article.html?artnum=307178", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=307178"}, {"name": "ADV-2007-4238", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/4238"}, {"name": "TA07-352A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"}, {"name": "28136", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28136"}, {"name": "http://docs.info.apple.com/article.html?artnum=307302", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=307302"}, {"name": "safari-webkit-security-bypass(39091)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39091"}, {"name": "APPLE-SA-2007-12-17", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"}, {"name": "28497", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28497"}, {"name": "http://docs.info.apple.com/article.html?artnum=307179", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=307179"}, {"name": "26911", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26911"}, {"name": "APPLE-SA-2008-01-15", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html"}, {"name": "ADV-2008-0147", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0147"}, {"name": "1019108", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1019108"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5858", "datePublished": "2007-12-19T21:00:00", "dateReserved": "2007-11-06T00:00:00", "dateUpdated": "2017-07-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "6EE39585-CF3B-4493-96D8-B394544C7643", "vulnerable": false}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3F3E721C-00CA-4D51-B542-F2BC5C0D65BF", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:apple:iphone:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5F382364-1B45-4C62-AB29-A20512AA77D9", "vulnerable": false}, {"criteria": "cpe:2.3:h:apple:iphone:1.02:*:*:*:*:*:*:*", "matchCriteriaId": "CA40173B-5F79-400E-9540-7E0BF7A78E35", "vulnerable": false}, {"criteria": "cpe:2.3:h:apple:ipod_touch:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A22F1F9E-F5B0-4AB4-8CE9-50C540AE1AE9", "vulnerable": false}, {"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "BE66FF90-ED80-4184-820B-88F1BA250F71", "vulnerable": false}, {"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "05097B1E-425A-4EF5-8D44-FFEC22994B6A", "vulnerable": false}, {"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B", "vulnerable": false}, {"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925", "vulnerable": false}, {"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0", "vulnerable": false}, {"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE370CAA-04B3-434E-BD5B-1D87DE596C10", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to \"navigate the subframes of any other page,\" which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information."}, {"lang": "es", "value": "WebKit en Safari en Apple Mac OS X versiones 10.4.11 y 10.5.1, iPhone versiones 1.0 hasta 1.1.2, y iPod touch versiones 1.1 hasta 1.1.2, permite a los atacantes remotos \"navigate the subframes of any other page\", lo que se puede aprovechar para conducir ataques de tipo cross-site scripting (XSS) y obtener informaci\u00f3n confidencial."}], "id": "CVE-2007-5858", "lastModified": "2022-08-09T13:46:58.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-12-19T21:46:00.000", "references": [{"source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=307178"}, {"source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=307179"}, {"source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=307302"}, {"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"}, {"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28136"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28497"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1019108"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26911"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/4238"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/0147"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39091"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}