CVE-2007-2400 — MEDIUM (4.3)

Q: How severe is CVE-2007-2400?

CVE-2007-2400 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-2400?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os, Apple Mac Os X, Microsoft Windows Vista, Microsoft Windows Xp, Apple Safari.

Vulnerability Description

Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Apple	Iphone Os	<= 1.0
Apple	Mac Os X	All versions
Microsoft	Windows Vista	All versions
Microsoft	Windows Xp	All versions
Apple	Safari	3.0

Related Weaknesses (CWE)

CWE-362 CWE-79

References

http://docs.info.apple.com/article.html?artnum=306173Vendor Advisory
http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.htmlPatchVendor Advisory
http://osvdb.org/36452
http://secunia.com/advisories/26287Vendor Advisory
http://www.kb.cert.org/vuls/id/289988US Government Resource
http://www.securityfocus.com/bid/24599Patch
http://www.securitytracker.com/id?1018282Patch
http://www.vupen.com/english/advisories/2007/2316Vendor Advisory
http://www.vupen.com/english/advisories/2007/2731Vendor Advisory
http://docs.info.apple.com/article.html?artnum=306173Vendor Advisory
http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.htmlPatchVendor Advisory
http://osvdb.org/36452
http://secunia.com/advisories/26287Vendor Advisory
http://www.kb.cert.org/vuls/id/289988US Government Resource
http://www.securityfocus.com/bid/24599Patch

FAQ

What is CVE-2007-2400?

CVE-2007-2400 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages out...

How severe is CVE-2007-2400?

CVE-2007-2400 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-2400?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os, Apple Mac Os X, Microsoft Windows Vista, Microsoft Windows Xp, Apple Safari.