CVSS: 7.5EPSS: 5%CPEs: 2EXPL: 2CVE-2003-0514 – Apple Safari 1.x - Cookie Directory Traversal
https://notcve.org/view.php?id=CVE-2003-0514
Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. Apple Safari permite a atacantes remotos saltarse las restriciones de cookies pretendidas en una aplicación web mediante secuencias de atravesamiento de directorios "%2e%2e" (punto punto codificado) en una URL, lo que hace que Safari envíe la cookie fuera de los subconjuntos de URL especificados, por ejemplo a una aplicación vulnerable que corre en el mismo servidor que la aplicación objetivo. • https://www.exploit-db.com/exploits/23800 http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2003-0975
https://notcve.org/view.php?id=CVE-2003-0975
Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain. Apple Safari 1.0 a 1.1 en Mac OS X 10.3.1 y Mac OS X 10.2.8 permite a atacantes remotos robar 'cookies' de usuarios de otro dominio mediante un enlace con un carácter nulo codificado-hex (%00) seguido del dominio objetivo. • http://docs.info.apple.com/article.html?artnum=61798 http://lists.apple.com/mhonarc/security-announce/msg00042.html http://marc.info/?l=bugtraq&m=106917674428552&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/7973 •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2003-0370
https://notcve.org/view.php?id=CVE-2003-0370
Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack. Konqueror Embedded y KDE 2.2.2 y anteriores no validan el campo Common Name (CN) en certificados X.509, lo que permitiría que atacantes remotos falsifiquen certificados mediante un ataque "man-in-the-middle". • http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html http://www.debian.org/security/2003/dsa-361 http://www.kde.org/info/security/advisory-20030602-1.txt http://www.redhat.com/support/errata/RHSA-2003-192.html http://www.redhat.com/support/errata/RHSA-2003-193.html http://www.securityfocus.com/archive/1/320707 http://www.securityfocus.com/bid/7520 http://www.turbolinux.com/security/TLSA-2003-36.txt https://access.redhat.com/security/cve/CVE-2003 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2003-0355
https://notcve.org/view.php?id=CVE-2003-0355
Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates. Safari 1.0 Beta 2 (v73) y anteriores no validan el campo Common Name (CN) para Certificados X.509, lo que permitiría a atacantes remotos falsificar certificados. • http://www.securityfocus.com/archive/1/320707 •