CVE-2010-1386 - OpenCVE

page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Webkit

Configuration 1 [-]

OR	cpe:2.3:a:apple:webkit::::::::
	cpe:2.3:a:apple:webkit:r50173:::::::*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://secunia.com/advisories/41856	Vendor Advisory
http://secunia.com/advisories/43068	Vendor Advisory
http://security-tracker.debian.org/tracker/CVE-2010-1386
http://trac.webkit.org/changeset/56188
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
http://www.securityfocus.com/bid/42500
http://www.ubuntu.com/usn/USN-1006-1
http://www.vupen.com/english/advisories/2010/2722	Vendor Advisory
http://www.vupen.com/english/advisories/2011/0212	Vendor Advisory
http://www.vupen.com/english/advisories/2011/0552	Vendor Advisory
https://bugs.webkit.org/show_bug.cgi?id=36255

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apple

Published: 2010-08-19T20:00:00

Updated: 2010-10-21T09:00:00

Reserved: 2010-04-15T00:00:00

Link: CVE-2010-1386

JSON object: View

NVD Information

Status : Analyzed

Published: 2010-08-19T22:00:01.750

Modified: 2011-08-23T04:00:00.000

Link: CVE-2010-1386

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-03-18T00:00:00", "descriptions": [{"lang": "en", "value": "page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-10-21T09:00:00", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"name": "MDVSA-2011:039", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://security-tracker.debian.org/tracker/CVE-2010-1386"}, {"name": "ADV-2010-2722", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2722"}, {"name": "43068", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43068"}, {"name": "USN-1006-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1006-1"}, {"name": "41856", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/41856"}, {"name": "ADV-2011-0212", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0212"}, {"name": "42500", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/42500"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://trac.webkit.org/changeset/56188"}, {"name": "SUSE-SR:2011:002", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"}, {"name": "ADV-2011-0552", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0552"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.webkit.org/show_bug.cgi?id=36255"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2010-1386", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "MDVSA-2011:039", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"}, {"name": "http://security-tracker.debian.org/tracker/CVE-2010-1386", "refsource": "CONFIRM", "url": "http://security-tracker.debian.org/tracker/CVE-2010-1386"}, {"name": "ADV-2010-2722", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2722"}, {"name": "43068", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43068"}, {"name": "USN-1006-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1006-1"}, {"name": "41856", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41856"}, {"name": "ADV-2011-0212", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0212"}, {"name": "42500", "refsource": "BID", "url": "http://www.securityfocus.com/bid/42500"}, {"name": "http://trac.webkit.org/changeset/56188", "refsource": "CONFIRM", "url": "http://trac.webkit.org/changeset/56188"}, {"name": "SUSE-SR:2011:002", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"}, {"name": "ADV-2011-0552", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0552"}, {"name": "https://bugs.webkit.org/show_bug.cgi?id=36255", "refsource": "CONFIRM", "url": "https://bugs.webkit.org/show_bug.cgi?id=36255"}]}}}}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2010-1386", "datePublished": "2010-08-19T20:00:00", "dateReserved": "2010-04-15T00:00:00", "dateUpdated": "2010-10-21T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE9F8416-9CBB-4165-9507-C13F599B1F05", "versionEndIncluding": "r56187", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:webkit:r50173:*:*:*:*:*:*:*", "matchCriteriaId": "74950329-ADB0-4C00-B021-83689FFEAFDA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357."}, {"lang": "es", "value": "En el archivo page/Geolocation.cpp en WebCore en WebKit anterior a r56188 y anterior a versi\u00f3n 1.2.5 no restringe apropiadamente el acceso a la funci\u00f3n lastPosition, que tiene un impacto no especificado y vectores de ataque remoto, tambi\u00e9n se conoce como rdar problem 7746357."}], "id": "CVE-2010-1386", "lastModified": "2011-08-23T04:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-08-19T22:00:01.750", "references": [{"source": "product-security@apple.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/41856"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43068"}, {"source": "product-security@apple.com", "url": "http://security-tracker.debian.org/tracker/CVE-2010-1386"}, {"source": "product-security@apple.com", "url": "http://trac.webkit.org/changeset/56188"}, {"source": "product-security@apple.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"}, {"source": "product-security@apple.com", "url": "http://www.securityfocus.com/bid/42500"}, {"source": "product-security@apple.com", "url": "http://www.ubuntu.com/usn/USN-1006-1"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2722"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0212"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0552"}, {"source": "product-security@apple.com", "url": "https://bugs.webkit.org/show_bug.cgi?id=36255"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}