| Vulnerability Name: | CVE-2010-1099 (CCN-57233) | ||||||||
| Assigned: | 2010-03-23 | ||||||||
| Published: | 2010-03-23 | ||||||||
| Updated: | 2018-10-10 | ||||||||
| Summary: | Integer overflow in Apple Safari allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N) 4.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:U/RC:UR)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:U/RC:UR)
| ||||||||
| Vulnerability Type: | CWE-189 CWE-264 | ||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Tue Mar 23 2010 - 14:28:30 CDT Safari browser port blocking bypassed by integer overflow Source: MITRE Type: CNA CVE-2010-1099 Source: CCN Type: Apple Web site Safari Source: CCN Type: OSVDB ID: 63511 Apple Safari Crafted Short Data Type Outbound TCP Connection Restriction Bypass Source: CCN Type: OSVDB ID: 65313 Apple Safari WebKit TCP Port Request Handling Information Disclosure Source: BUGTRAQ Type: UNKNOWN 20100323 Safari browser port blocking bypassed by integer overflow Source: XF Type: UNKNOWN safari-tcp-security-bypass(57233) Source: XF Type: UNKNOWN safari-tcp-security-bypass(57233) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||