CVE-2007-2408

Published: Aug 3, 2007Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked "Enable Java" setting, which allows remote attackers to execute Java applets via a crafted web page.

Affected (4)

Products: Apple: Safari

Apple

1 product

Safari

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Apple Safari	Version 3.0.1
Apple Safari	Version 3.0.1
Apple Safari	Version 3.0.2
Apple Safari	Version 3.0.2

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://docs.info.apple.com/article.html?artnum=306174

Source: cve@mitre.org

Patch

http://isc.sans.org/diary.html?storyid=3214

Source: cve@mitre.org

http://www.securityfocus.com/bid/25157

Source: cve@mitre.org

Patch

http://www.vupen.com/english/advisories/2007/2730

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/35714

Source: cve@mitre.org

http://docs.info.apple.com/article.html?artnum=306174