CVE-2011-3229
Apple Safari Directory Traversal
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL.
Vulnerabilidad de salto de directorio en Apple Safari antes de v5.1.1 permite a atacantes remotos ejecutar código JavaScript de su elección en un contexto de extensiones de Safari a través de una extensión safari manipulada: URL.
Apple Safari versions 5.0 and later on Mac OS and Windows are vulnerable to a directory traversal issue with the handling of "safari-extension://" URLs. Attackers can create malicious websites that trigger Safari to send files from the victim's system to the attacker. Arbitrary Javascript can be executed in the web context of the Safari extension.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-08-19 CVE Reserved
- 2011-10-14 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/76388 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/70566 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html | 2017-08-29 | |
| http://support.apple.com/kb/HT5000 | 2017-08-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | * | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | <= 5.1 Search vendor "Apple" for product "Safari" and version " <= 5.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 1.0 Search vendor "Apple" for product "Safari" and version "1.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 1.0 Search vendor "Apple" for product "Safari" and version "1.0" | beta |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 1.0 Search vendor "Apple" for product "Safari" and version "1.0" | beta2 |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 1.0.0 Search vendor "Apple" for product "Safari" and version "1.0.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 1.0.0b1 Search vendor "Apple" for product "Safari" and version "1.0.0b1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 1.0.0b2 Search vendor "Apple" for product "Safari" and version "1.0.0b2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 1.0.1 Search vendor "Apple" for product "Safari" and version "1.0.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 1.0.2 Search vendor "Apple" for product "Safari" and version "1.0.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 1.0.3 Search vendor "Apple" for product "Safari" and version "1.0.3" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 1.0.3 Search vendor "Apple" for product "Safari" and version "1.0.3" | 85.8 |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 1.0.3 Search vendor "Apple" for product "Safari" and version "1.0.3" | 85.8.1 |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 1.0b1 Search vendor "Apple" for product "Safari" and version "1.0b1" | mac |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 1.1 Search vendor "Apple" for product "Safari" and version "1.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 1.1.0 Search vendor "Apple" for product "Safari" and version "1.1.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 1.1.1 Search vendor "Apple" for product "Safari" and version "1.1.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 1.2 Search vendor "Apple" for product "Safari" and version "1.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 1.2.0 Search vendor "Apple" for product "Safari" and version "1.2.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 1.2.1 Search vendor "Apple" for product "Safari" and version "1.2.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 1.2.2 Search vendor "Apple" for product "Safari" and version "1.2.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 1.2.3 Search vendor "Apple" for product "Safari" and version "1.2.3" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 1.2.4 Search vendor "Apple" for product "Safari" and version "1.2.4" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 1.2.5 Search vendor "Apple" for product "Safari" and version "1.2.5" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 1.3 Search vendor "Apple" for product "Safari" and version "1.3" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 1.3.0 Search vendor "Apple" for product "Safari" and version "1.3.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 1.3.1 Search vendor "Apple" for product "Safari" and version "1.3.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 1.3.2 Search vendor "Apple" for product "Safari" and version "1.3.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 1.3.2 Search vendor "Apple" for product "Safari" and version "1.3.2" | 312.5 |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 1.3.2 Search vendor "Apple" for product "Safari" and version "1.3.2" | 312.6 |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 2 Search vendor "Apple" for product "Safari" and version "2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 2.0 Search vendor "Apple" for product "Safari" and version "2.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 2.0.0 Search vendor "Apple" for product "Safari" and version "2.0.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 2.0.1 Search vendor "Apple" for product "Safari" and version "2.0.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 2.0.2 Search vendor "Apple" for product "Safari" and version "2.0.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 2.0.3 Search vendor "Apple" for product "Safari" and version "2.0.3" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 2.0.3 Search vendor "Apple" for product "Safari" and version "2.0.3" | 417.8 |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 2.0.3 Search vendor "Apple" for product "Safari" and version "2.0.3" | 417.9 |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 2.0.3 Search vendor "Apple" for product "Safari" and version "2.0.3" | 417.9.2 |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 2.0.3 Search vendor "Apple" for product "Safari" and version "2.0.3" | 417.9.3 |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 2.0.4 Search vendor "Apple" for product "Safari" and version "2.0.4" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 2.0.4 Search vendor "Apple" for product "Safari" and version "2.0.4" | mac |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3 Search vendor "Apple" for product "Safari" and version "3" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0 Search vendor "Apple" for product "Safari" and version "3.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.0 Search vendor "Apple" for product "Safari" and version "3.0.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.0 Search vendor "Apple" for product "Safari" and version "3.0.0" | mac |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.0b Search vendor "Apple" for product "Safari" and version "3.0.0b" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.0b Search vendor "Apple" for product "Safari" and version "3.0.0b" | windows |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.1 Search vendor "Apple" for product "Safari" and version "3.0.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.1 Search vendor "Apple" for product "Safari" and version "3.0.1" | mac |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.1 Search vendor "Apple" for product "Safari" and version "3.0.1" | beta |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.1b Search vendor "Apple" for product "Safari" and version "3.0.1b" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.1b Search vendor "Apple" for product "Safari" and version "3.0.1b" | windows |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.2 Search vendor "Apple" for product "Safari" and version "3.0.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.2 Search vendor "Apple" for product "Safari" and version "3.0.2" | mac |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.2b Search vendor "Apple" for product "Safari" and version "3.0.2b" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.2b Search vendor "Apple" for product "Safari" and version "3.0.2b" | windows |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.3 Search vendor "Apple" for product "Safari" and version "3.0.3" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.3 Search vendor "Apple" for product "Safari" and version "3.0.3" | mac |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.3b Search vendor "Apple" for product "Safari" and version "3.0.3b" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.3b Search vendor "Apple" for product "Safari" and version "3.0.3b" | windows |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.4 Search vendor "Apple" for product "Safari" and version "3.0.4" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.4 Search vendor "Apple" for product "Safari" and version "3.0.4" | mac |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.4b Search vendor "Apple" for product "Safari" and version "3.0.4b" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.4b Search vendor "Apple" for product "Safari" and version "3.0.4b" | windows |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.1.0 Search vendor "Apple" for product "Safari" and version "3.1.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.1.0 Search vendor "Apple" for product "Safari" and version "3.1.0" | mac |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.1.0b Search vendor "Apple" for product "Safari" and version "3.1.0b" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.1.0b Search vendor "Apple" for product "Safari" and version "3.1.0b" | windows |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.1.1 Search vendor "Apple" for product "Safari" and version "3.1.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.1.1b Search vendor "Apple" for product "Safari" and version "3.1.1b" | windows |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.1.2 Search vendor "Apple" for product "Safari" and version "3.1.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.1.2b Search vendor "Apple" for product "Safari" and version "3.1.2b" | windows |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.2.0 Search vendor "Apple" for product "Safari" and version "3.2.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.2.0b Search vendor "Apple" for product "Safari" and version "3.2.0b" | windows |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.2.1 Search vendor "Apple" for product "Safari" and version "3.2.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.2.1b Search vendor "Apple" for product "Safari" and version "3.2.1b" | windows |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.2.2 Search vendor "Apple" for product "Safari" and version "3.2.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.2.2b Search vendor "Apple" for product "Safari" and version "3.2.2b" | windows |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 4.0 Search vendor "Apple" for product "Safari" and version "4.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 4.0 Search vendor "Apple" for product "Safari" and version "4.0" | beta |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 4.0.0b Search vendor "Apple" for product "Safari" and version "4.0.0b" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 4.0.1 Search vendor "Apple" for product "Safari" and version "4.0.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 4.0.2 Search vendor "Apple" for product "Safari" and version "4.0.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 4.0.3 Search vendor "Apple" for product "Safari" and version "4.0.3" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 4.0.4 Search vendor "Apple" for product "Safari" and version "4.0.4" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 4.0.5 Search vendor "Apple" for product "Safari" and version "4.0.5" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 4.1 Search vendor "Apple" for product "Safari" and version "4.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 4.1.1 Search vendor "Apple" for product "Safari" and version "4.1.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 4.1.2 Search vendor "Apple" for product "Safari" and version "4.1.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 5.0 Search vendor "Apple" for product "Safari" and version "5.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 5.0.1 Search vendor "Apple" for product "Safari" and version "5.0.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 5.0.2 Search vendor "Apple" for product "Safari" and version "5.0.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 5.0.3 Search vendor "Apple" for product "Safari" and version "5.0.3" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 5.0.4 Search vendor "Apple" for product "Safari" and version "5.0.4" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 5.0.5 Search vendor "Apple" for product "Safari" and version "5.0.5" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 5.0.6 Search vendor "Apple" for product "Safari" and version "5.0.6" | - |
Affected
| ||||||