Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Apple Safari cross-domain HTTP redirection race condition
Informations
Name VU#289988 First vendor Publication 2007-06-25
Vendor VU-CERT Last vendor Modification 2007-08-10
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#289988

Apple Safari cross-domain HTTP redirection race condition

Overview

Apple Safari contains a race condition when handling HTTP redirection when updating pages. This can allow a cross-domain violation.

I. Description

Apple Safari contains a race condition when updating pages. When this race condition is used in combination with an HTTP redirection, Safari may allow JavaScript to modify content in another domain, which is a violation of the same-origin policy.

Note that this vulnerability is reported to only be in the Safari 3 beta, which is available for Mac OS X 10.4.9, Windows XP, and Vista.

II. Impact

By convincing a user to view a specially crafted HTML document (e.g., a web page, an HTML email message, or an email attachment), an attacker may be able to execute script or obtain full access to content in a different domain. The impact is similar to that of a cross-site scripting vulnerability. This includes the ability to spoof or modify web content, access website information such as cookies, or retrieve data from an encrypted HTTPS connection. For a more detailed description of the impact of cross-site scripting vulnerabilities, please see CERT Advisory CA-2000-02.

III. Solution

Apply an update

This issue is addressed by Apple Safari Beta Update 3.0.2.

Disable JavaScript

This vulnerability can be mitigated in Safari by disabling JavaScript. Guidelines for setting preferences in Safari can be found in the "Securing Your Web Browser" document.

Systems Affected

VendorStatusDate Updated
Apple Computer, Inc.Vulnerable25-Jun-2007

References

http://www.cert.org/tech_tips/securing_browser/#Safari
http://www.apple.com/safari/download/
http://www.mozilla.org/projects/security/components/same-origin.html
http://docs.info.apple.com/article.html?artnum=61798

Credit

This vulnerability was reported by Apple, who in turn credit Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems, Inc.

This document was written by Will Dormann.

Other Information

Date Public
Date First Published06/25/2007 10:35:01 AM
Date Last Updated08/10/2007
CERT Advisory 
CVE NameCVE-2007-2400
Metric0.47
Document Revision7

Original Source

Url : http://www.kb.cert.org/vuls/id/289988

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-362 Race Condition
50 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2
Os 17

Open Source Vulnerability Database (OSVDB)

Id Description
36452 Apple Safari / iPhone HTTP Redirect Unspecified JavaScript Security Model