CVE-2012-3715 - Cryptographic Issues vulnerability in Apple Safari
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Apple Safari before 6.0.1 makes HTTP requests for HTTPS URIs in certain circumstances involving a paste into the address bar, which allows user-assisted remote attackers to obtain sensitive information by sniffing the network.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation: An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_SAFARI6_0_1.NASL |
description | The version of Apple Safari installed on the remote Mac OS X host is earlier than 6.0.1. It is, therefore, potentially affected by several issues : - A logic error in Safari |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 62216 |
published | 2012-09-20 |
reporter | This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/62216 |
title | Mac OS X : Apple Safari < 6.0.1 Multiple Vulnerabilities |
Seebug
bulletinFamily | exploit |
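description | BUGTRAQ ID: 55626 CVE ID: CVE-2012-3715 Safari is the browser in Mac OS X, the latest operating system for Apple computers, and uses KDE's KHTML as its rendering core. Apple Safari versions before 6.0.1 have a logic error in the handling of HTTPS URLs in the address bar. If part of the address is edited by pasting text, the request may unexpectedly be sent over HTTP. Apple Safari 6.x Vendor patch: Apple. Apple has released a security advisory (APPLE-SA-2012-09-19-3) and a corresponding patch for this issue: APPLE-SA-2012-09-19-3: APPLE-SA-2012-09-19-3 Safari 6.0.1 Link: https://www.apple.com/support/security/pgp/ |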
id | SSV:60397 |
last seen | 2017-11-19 |
modified | 2012-09-24 |
published | 2012-09-24 |
reporter | Root |
title | Apple Safari URL Handling Security Restriction Bypass Vulnerability |
References
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html
- http://osvdb.org/85655
- http://support.apple.com/kb/HT5502
- http://www.securityfocus.com/bid/55626
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78680