CVE-2007-4671

Published: Sep 27, 2007Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages from the same domain.

Affected (2)

Products: Apple: Safari

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Apple Safari	All versions

Running on/with	Platform Versions
Apple Iphone Os	Version 1.1.1

Configuration B

1 vulnerable · 13 platform

Vulnerable Software	Affected Versions
Apple Safari	Up to 3.0.3

Running on/with	Platform Versions
Apple Mac Os X	Version 10.4.10
Apple Mac Os X	Version 10.4.1
Apple Mac Os X	Version 10.4.2
Apple Mac Os X	Version 10.4.3
Apple Mac Os X	Version 10.4.4
Apple Mac Os X	Version 10.4.5
Apple Mac Os X	Version 10.4.6
Apple Mac Os X	Version 10.4.7
Apple Mac Os X	Version 10.4.8
Apple Mac Os X	Version 10.4.9
Apple Mac Os X	Version 10.4
Microsoft Windows Vista	All versions
Microsoft Windows Xp	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (26)

http://docs.info.apple.com/article.html?artnum=306586

Source: cve@mitre.org

http://docs.info.apple.com/article.html?artnum=307041

Source: cve@mitre.org

http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html

Source: cve@mitre.org

Patch

http://secunia.com/advisories/26983

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27643

Source: cve@mitre.org

Vendor Advisory

http://securitytracker.com/id?1018752

Source: cve@mitre.org

http://www.securityfocus.com/bid/25852

Source: cve@mitre.org

http://www.securityfocus.com/bid/26444

Source: cve@mitre.org

http://www.us-cert.gov/cas/techalerts/TA07-319A.html

Source: cve@mitre.org

US Government Resource

http://www.vupen.com/english/advisories/2007/3287

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2007/3868

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/36862

Source: cve@mitre.org

http://docs.info.apple.com/article.html?artnum=306586

Source: af854a3a-2127-422b-91ae-364da2661108

http://docs.info.apple.com/article.html?artnum=307041

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://secunia.com/advisories/26983

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/27643

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1018752

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/25852

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/26444

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA07-319A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2007/3287

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2007/3868

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/36862

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.