CVE-2010-0314 - OpenCVE

Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Safari

Configuration 1 [-]

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://nomoreroot.blogspot.com/2010/01/little-bug-in-safari-and-google-chrome.html
http://secunia.com/advisories/41856
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
http://www.ubuntu.com/usn/USN-1006-1
http://www.vupen.com/english/advisories/2010/2722
http://www.vupen.com/english/advisories/2011/0552

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-01-14T19:00:00

Updated: 2024-08-07T00:45:12.088Z

Reserved: 2010-01-14T00:00:00

Link: CVE-2010-0314

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-01-14T19:30:00.670

Modified: 2011-03-18T02:46:10.130

Link: CVE-2010-0314

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-01-09T00:00:00", "descriptions": [{"lang": "en", "value": "Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-11-03T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "MDVSA-2011:039", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"}, {"name": "ADV-2010-2722", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2722"}, {"name": "USN-1006-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1006-1"}, {"name": "41856", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/41856"}, {"tags": ["x_refsource_MISC"], "url": "http://nomoreroot.blogspot.com/2010/01/little-bug-in-safari-and-google-chrome.html"}, {"name": "ADV-2011-0552", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0552"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0314", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "MDVSA-2011:039", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"}, {"name": "ADV-2010-2722", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2722"}, {"name": "USN-1006-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1006-1"}, {"name": "41856", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41856"}, {"name": "http://nomoreroot.blogspot.com/2010/01/little-bug-in-safari-and-google-chrome.html", "refsource": "MISC", "url": "http://nomoreroot.blogspot.com/2010/01/little-bug-in-safari-and-google-chrome.html"}, {"name": "ADV-2011-0552", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0552"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:45:12.088Z"}, "title": "CVE Program Container", "references": [{"name": "MDVSA-2011:039", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"}, {"name": "ADV-2010-2722", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/2722"}, {"name": "USN-1006-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1006-1"}, {"name": "41856", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/41856"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://nomoreroot.blogspot.com/2010/01/little-bug-in-safari-and-google-chrome.html"}, {"name": "ADV-2011-0552", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0552"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0314", "datePublished": "2010-01-14T19:00:00", "dateReserved": "2010-01-14T00:00:00", "dateUpdated": "2024-08-07T00:45:12.088Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE370CAA-04B3-434E-BD5B-1D87DE596C10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value."}, {"lang": "es", "value": "Apple Safari permite a atacantes remotos descubrir una redirecci\u00f3n URL para la sesi\u00f3n de un usuario espec\u00edfico de un sitio web, sustituyendo la URL del sitio en el atributo HREF de un elemento stylesheet LINK, y despu\u00e9s leyendo el valor de la propiedad document.styleSheets[0].href."}], "id": "CVE-2010-0314", "lastModified": "2011-03-18T02:46:10.130", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-01-14T19:30:00.670", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://nomoreroot.blogspot.com/2010/01/little-bug-in-safari-and-google-chrome.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/41856"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-1006-1"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/2722"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2011/0552"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}