Vulnerability Name:
CVE-2008-1025 (CCN-41862)
Assigned:
2008-04-16
Published:
2008-04-16
Updated:
2017-08-08
Summary:
Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion.
CVSS v3 Severity:
5.3 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Low
Availibility (A):
None
CVSS v2 Severity:
4.3 Medium
(CVSS v2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
)
3.7 Low
(Temporal CVSS v2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Partial
Availibility (A):
None
4.3 Medium
(CCN CVSS v2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
)
3.7 Low
(CCN Temporal CVSS v2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Partial
Availibility (A):
None
Vulnerability Type:
CWE-79
Vulnerability Consequences:
Gain Access
References:
Source: MITRE
Type: CNA
CVE-2008-1025
Source: APPLE
Type: UNKNOWN
APPLE-SA-2008-07-11
Source: APPLE
Type: UNKNOWN
APPLE-SA-2008-04-16
Source: CCN
Type: APPLE-SA-2008-04-16
APPLE-SA-2008-04-16 Safari 3.1.1
Source: CCN
Type: SA29846
Safari Multiple Vulnerabilities
Source: SECUNIA
Type: UNKNOWN
29846
Source: CCN
Type: SA31074
Apple iPhone / iPod touch Multiple Vulnerabilities
Source: SECUNIA
Type: UNKNOWN
31074
Source: CCN
Type: SECTRACK ID: 1019869
Safari WebKit Input Validation Bug in Processing URLs Permits Cross-Site Scripting Attacks
Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT1467
Source: CCN
Type: Apple Web site
About the security content of iPhone v2.0 and iPod touch v2.0
Source: CCN
Type: US-CERT VU#705529
Apple Safari WebKit fails to properly handle a crafted URL
Source: CERT-VN
Type: US Government Resource
VU#705529
Source: CCN
Type: OSVDB ID: 44468
Apple Safari WebKit URL Hostname XSS
Source: BID
Type: UNKNOWN
28814
Source: CCN
Type: BID-28814
Apple Safari WebKit URI Handling Cross-Site Scripting Vulnerability
Source: CCN
Type: BID-30186
Apple iPhone and iPod Touch Prior to Version 2.0 Multiple Remote Vulnerabilities
Source: SECTRACK
Type: UNKNOWN
1019869
Source: VUPEN
Type: UNKNOWN
ADV-2008-1250
Source: VUPEN
Type: UNKNOWN
ADV-2008-2094
Source: XF
Type: UNKNOWN
apple-safari-webkit-hostname-xss(41862)
Source: XF
Type: UNKNOWN
apple-safari-webkit-hostname-xss(41862)
Vulnerable Configuration:
Configuration 1
:
cpe:/a:apple:safari:0.8:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:0.9:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:1.0:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:1.0.3:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:1.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:1.2:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:1.3:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:1.3.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:1.3.2:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:2.0:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:2.0.2:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:2.0.4:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.0:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.0.2:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.0.3:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.0.4:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:webkit:*:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/a:apple:safari:1.2.3:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:2.0.2:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:2.0.4:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.0.3:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.0.4_beta:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.0.1:beta:*:*:*:*:*:*
OR
cpe:/a:apple:safari:2.0.3:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:2.0.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:1.3.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:1.3:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:1.2.2:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:1.2.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:1.2:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:1.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:1.0:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:beta2:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3:*:*:*:*:*:*:*
AND
cpe:/o:apple:iphone_os:1.0:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
OR
cpe:/h:apple:ipod_touch:1.1:*:*:*:*:*:*:*
OR
cpe:/h:apple:ipod_touch:1.1.1:*:*:*:*:*:*:*
OR
cpe:/h:apple:ipod_touch:1.1.2:*:*:*:*:*:*:*
OR
cpe:/o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
OR
cpe:/h:apple:ipod_touch:1.1.3:*:*:*:*:*:*:*
OR
cpe:/h:apple:ipod_touch:1.1.4:*:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
apple
safari 0.8
apple
safari 0.9
apple
safari 1.0
apple
safari 1.0.3
apple
safari 1.1
apple
safari 1.2
apple
safari 1.3
apple
safari 1.3.1
apple
safari 1.3.2
apple
safari 2.0
apple
safari 2.0.2
apple
safari 2.0.4
apple
safari 3.0
apple
safari 3.0.2
apple
safari 3.0.3
apple
safari 3.0.4
apple
safari 3.1
apple
webkit *
apple
safari 1.2.3
apple
safari 2.0.2
apple
safari 2.0.4
apple
safari 3.0.3
apple
safari 3.0.4_beta
apple
safari 3.1
apple
safari 3.0.1 beta
apple
safari 2.0.3
apple
safari 2.0.1
apple
safari 1.3.1
apple
safari 1.3
apple
safari 1.2.2
apple
safari 1.2.1
apple
safari 1.2
apple
safari 1.1
apple
safari 1.0
apple
safari beta2
apple
safari 3
apple
iphone 1.0
apple
iphone 1.1.2
apple
iphone 1.1.3
apple
iphone 1.1.1
apple
ipod touch 1.1
apple
ipod touch 1.1.1
apple
ipod touch 1.1.2
apple
iphone 1.1.4
apple
ipod touch 1.1.3
apple
ipod touch 1.1.4
Denotes that component is vulnerable