CVE-2007-2580

Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved keychain passwords) via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script.

CVSS v2.0 1.9 LOW

1.9^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/23825
http://www.osvdb.org/35569
http://securityreason.com/securityalert/2685
http://www.securityfocus.com/archive/1/468869/100/0/threaded
http://www.securityfocus.com/archive/1/468737/100/0/threaded
http://www.securityfocus.com/archive/1/468727/100/0/threaded
http://www.securityfocus.com/archive/1/468719/100/0/threaded
http://www.securityfocus.com/archive/1/468650/100/0/threaded
http://www.securityfocus.com/archive/1/468639/100/0/threaded
http://www.securityfocus.com/archive/1/468585/100/0/threaded
http://www.securityfocus.com/archive/1/468544/100/0/threaded
http://www.securityfocus.com/archive/1/467676/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

Information

Published : 2007-05-09 14:19

Updated : 2018-10-16 09:44

NVD link : CVE-2007-2580

Mitre link : CVE-2007-2580

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

apple

safari

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/23825", "name": "23825", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/35569", "name": "35569", "tags": [], "refsource": "OSVDB"}, {"url": "http://securityreason.com/securityalert/2685", "name": "2685", "tags": [], "refsource": "SREASON"}, {"url": "http://www.securityfocus.com/archive/1/468869/100/0/threaded", "name": "20070517 Re: Apple Safari on MacOSX may reveal user's saved passwords", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/468737/100/0/threaded", "name": "20070516 RE: Apple Safari on MacOSX may reveal user's saved passwords", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/468727/100/0/threaded", "name": "20070516 Re: Apple Safari on MacOSX may reveal user's saved passwords", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/468719/100/0/threaded", "name": "20070515 Re: Apple Safari on MacOSX may reveal user's saved passwords", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/468650/100/0/threaded", "name": "20070515 RE: Apple Safari on MacOSX may reveal user's saved passwords", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/468639/100/0/threaded", "name": "20070514 Re: RE: Apple Safari on MacOSX may reveal user's saved passwords", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/468585/100/0/threaded", "name": "20070514 RE: Apple Safari on MacOSX may reveal user's saved passwords", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/468544/100/0/threaded", "name": "20070514 Apple Safari on MacOSX may reveal user's saved passwords", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/467676/100/0/threaded", "name": "20070504 safari's saved password at risk", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved keychain passwords) via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-2580", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-05-09T21:19Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-16T16:44Z"}