[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-3714Date: (C)2012-09-20   (M)2023-12-22


The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
BID-55625
OSVDB-85653
APPLE-SA-2012-09-19-3
apple-safari-cve20123714(78681)
http://support.apple.com/kb/HT5502

CPE    103
cpe:/a:apple:safari:3.0.4:-:mac
cpe:/a:apple:safari:4.1.2
cpe:/a:apple:safari:4.1.1
cpe:/a:apple:safari:3.0.2b:-:windows
...
CWE    1
CWE-264
OVAL    2
oval:org.secpod.oval:def:7732
oval:org.secpod.oval:def:7784

© SecPod Technologies