CVE-2013-5227

Sažetak

Apple Safari before 6.1.1 and 7.x before 7.0.1 allows remote attackers to bypass the Same Origin Policy and discover credentials by triggering autofill of subframe form fields.

Reference

http://archives.neohapsis.com/archives/bugtraq/2013-12/0086.html
http://archives.neohapsis.com/archives/bugtraq/2013-12/0087.html
http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html
http://support.apple.com/kb/HT6162
http://support.apple.com/kb/HT6441
http://www.securityfocus.com/bid/64355

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

07-01-2017 - 02:59

Objavljeno

18-12-2013 - 16:04