CVE-2007-2580

Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved keychain passwords) via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script.

CVSS v2.0 1.9 LOW

1.9^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://securityreason.com/securityalert/2685
http://www.osvdb.org/35569
http://www.securityfocus.com/archive/1/467676/100/0/threaded
http://www.securityfocus.com/archive/1/468544/100/0/threaded
http://www.securityfocus.com/archive/1/468585/100/0/threaded
http://www.securityfocus.com/archive/1/468639/100/0/threaded
http://www.securityfocus.com/archive/1/468650/100/0/threaded
http://www.securityfocus.com/archive/1/468719/100/0/threaded
http://www.securityfocus.com/archive/1/468727/100/0/threaded
http://www.securityfocus.com/archive/1/468737/100/0/threaded
http://www.securityfocus.com/archive/1/468869/100/0/threaded
http://www.securityfocus.com/bid/23825

Configurations

Configuration 1 (hide)

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-05-09 21:19

Updated : 2023-12-10 10:40

NVD link : CVE-2007-2580

Mitre link : CVE-2007-2580

CVE.ORG link : CVE-2007-2580

JSON object : View

Products Affected

apple

safari

CWE

NVD-CWE-Other

{"id": "CVE-2007-2580", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-05-09T21:19:00.000", "references": [{"url": "http://securityreason.com/securityalert/2685", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/35569", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/467676/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/468544/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/468585/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/468639/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/468650/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/468719/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/468727/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/468737/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/468869/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/23825", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved keychain passwords) via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script."}, {"lang": "es", "value": "Una vulnerabilidad no especificada en Apple Safari permite a los usuarios locales obtener informaci\u00f3n confidencial (contrase\u00f1as de llavero guardadas) por medio del par\u00e1metro JavaScript document.loginform.password.value cargado desde un script AppleScript."}], "lastModified": "2018-10-16T16:44:37.167", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE370CAA-04B3-434E-BD5B-1D87DE596C10"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}