Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1004

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-1004
Last Modified 07 Mar 2011 10:05:47
Published 18 Mar 2008 08:44:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1004

Summary

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the Web Inspector.

Vulnerable Systems

Application

  • Apple Safari 0.8

  • Apple Safari 0.9

  • Apple Safari 1.0

  • Apple Safari 1.1

  • Apple Safari 1.2

  • Apple Safari 1.3

  • Apple Safari 1.3.1

  • Apple Safari 1.3.2

  • Apple Safari 2.0

  • Apple Safari 2.0.2

  • Apple Safari 2.0.4

  • Apple Safari 3.0

  • Apple Safari 3.0.1

  • Apple Safari 3.0.2

  • Apple Safari 3.0.3

  • Apple Safari 3.0.4


References

CERT - TA08-079A

APPLE - APPLE-SA-2008-03-18

XF - safari-webinspector-security-bypass(41331)

VUPEN - ADV-2008-0920

SECTRACK - 1019653

BID - 28347

BID - 28290

SECUNIA - 29393

CONFIRM - http://docs.info.apple.com/article.html?artnum=307563

Related Patches

Apple 2008-03-18 Safari Update 3.1 (Tiger PPC)

Apple 2008-03-18 Safari Update 3.1 (Leopard)

Apple 2008-03-18 Safari Update 3.1 (Tiger Intel)


Last Updated: 27 May 2016 10:46:58