CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-6592
https://notcve.org/view.php?id=CVE-2007-6592
Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. Apple Safari 2, cuando un usuario acepta un certificado de servidor SSL basándose en el nombre de dominio CN del campo DN, considera el certificado como aceptado también para todos los nombres de dominios en los campos subjectAltName:dNSName, lo cual facilita a los atacantes remotos engañar al usuario para que acepte un certificado inválido para un sitio web falso. • http://nils.toedtmann.net/pub/subjectAltName.txt http://securityreason.com/securityalert/3498 http://www.securityfocus.com/archive/1/483929/100/100/threaded http://www.securityfocus.com/archive/1/483937/100/100/threaded •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0CVE-2007-4698
https://notcve.org/view.php?id=CVE-2007-4698
Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame. Apple Safari versiones 3 anteriores a Beta Update 3.0.4 sobre Windows, y Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos conducir ataques de tipo cross-site scripting (XSS) causando que los eventos de JavaScript sean asociados con la trama incorrecta. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://lists.apple.com/archives/security-announce/2007/Nov/msg00003.html http://osvdb.org/40663 http://secunia.com/advisories/27643 http://securitytracker.com/id?1018948 http://www.securityfocus.com/bid/26444 http://www.securityfocus.com/bid/26446 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 1%CPEs: 26EXPL: 0CVE-2007-4692
https://notcve.org/view.php?id=CVE-2007-4692
The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab. La funcionalidad de navegación de pestañas en Apple Safari versiones 3 anteriores a Beta Update 3.0.4 sobre Windows, y Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos falsificar la autenticación HTTP para otros sitios y posiblemente conducir ataques de phishing causando que se muestre una hoja de autenticación para una pestaña que no está activa, lo que hace que parezca como si está asociada con la pestaña activa. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://lists.apple.com/archives/security-announce/2007/Nov/msg00003.html http://osvdb.org/40662 http://secunia.com/advisories/27643 http://www.securityfocus.com/bid/26444 http://www.securityfocus.com/bid/26447 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868 https://exchange.xforce.ibmcloud.com&#x • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2007-3760
https://notcve.org/view.php?id=CVE-2007-3760
Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags. Una vulnerabilidad de tipo cross-site scripting (XSS) en Safari en Apple iPhone versiones anteriores a 1.1.1 y Safari versión 3 anterior a Beta Update 3.0.4 en Windows y Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de etiquetas de trama. • http://docs.info.apple.com/article.html?artnum=306586 http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html http://secunia.com/advisories/26983 http://secunia.com/advisories/27643 http://securitytracker.com/id?1018752 http://www.securityfocus.com/bid/25850 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 3%CPEs: 16EXPL: 0CVE-2007-4671
https://notcve.org/view.php?id=CVE-2007-4671
Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages from the same domain. Una vulnerabilidad no especificada de Safari en Apple iPhone versiones anteriores a 1.1.1 y Safari versión 3 anterior a Beta Update 3.0.4 en Windows y Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos "alter or access" al contenido HTTPS por medio de una sesión HTTP con una página web diseñada que causa que Javascript sea aplicado a páginas HTTPS del mismo dominio. • http://docs.info.apple.com/article.html?artnum=306586 http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html http://secunia.com/advisories/26983 http://secunia.com/advisories/27643 http://securitytracker.com/id?1018752 http://www.securityfocus.com/bid/25852 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/ • CWE-20: Improper Input Validation •