CVE-2007-3759

Safari in Apple iPhone 1.1.1, when requested to disable Javascript, does not disable it until Safari is restarted, which might leave Safari open to attacks that the user does not expect.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html	Patch
http://docs.info.apple.com/article.html?artnum=306586
http://www.securityfocus.com/bid/25853
http://securitytracker.com/id?1018752
http://secunia.com/advisories/26983
http://osvdb.org/38532
https://exchange.xforce.ibmcloud.com/vulnerabilities/36858

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:apple:iphone_os:1.0.2:::::::*
	cpe:2.3:h:apple:iphone:1.0:::::::*
	cpe:2.3:o:apple:iphone_os:1.0.1:::::::*

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

Information

Published : 2007-09-27 15:17

Updated : 2022-08-09 06:46

NVD link : CVE-2007-3759

Mitre link : CVE-2007-3759

JSON object : View

CWE

CWE-16

Configuration

Products Affected

apple

iphone_os
safari
iphone

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html", "name": "APPLE-SA-2007-09-27", "tags": ["Patch"], "refsource": "APPLE"}, {"url": "http://docs.info.apple.com/article.html?artnum=306586", "name": "http://docs.info.apple.com/article.html?artnum=306586", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/25853", "name": "25853", "tags": [], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1018752", "name": "1018752", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/26983", "name": "26983", "tags": [], "refsource": "SECUNIA"}, {"url": "http://osvdb.org/38532", "name": "38532", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36858", "name": "iphone-javascript-weak-security(36858)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Safari in Apple iPhone 1.1.1, when requested to disable Javascript, does not disable it until Safari is restarted, which might leave Safari open to attacks that the user does not expect."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-16"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-3759", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-09-27T22:17Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:apple:iphone:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-08-09T13:46Z"}

6.8 /10