Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0975

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2003-0975
Last Modified 10 Sep 2008 03:21:18
Published 15 Dec 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0975

Summary

Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.

Vulnerable Systems

Operating System

  • Apple Mac Os X 10.2.8

  • Apple Mac Os X 10.3.1

  • Apple Mac Os X Server 10.2.8

  • Apple Mac Os X Server 10.3.1

Application

  • Apple Safari 1.0

  • Apple Safari 1.1


References

XF - mozilla-netscape-steal-cookies(7973)

BUGTRAQ - 20031118 Apple Safari 1.1 (v100)

CONFIRM - http://lists.apple.com/mhonarc/security-announce/msg00042.html

CONFIRM - http://docs.info.apple.com/article.html?artnum=61798


Last Updated: 27 May 2016 10:38:07