Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2011-0161 (GCVE-0-2011-0161)
Vulnerability from cvelistv5 – Published: 2011-03-11 22:00 – Updated: 2024-08-06 21:43
VLAI?
EPSS
Summary
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:43:15.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4564"
},
{
"name": "appleios-attr-code-execution(66000)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66000"
},
{
"name": "46814",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46814"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4566"
},
{
"name": "APPLE-SA-2011-03-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html"
},
{
"name": "APPLE-SA-2011-03-09-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
},
{
"name": "1025182",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025182"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4564"
},
{
"name": "appleios-attr-code-execution(66000)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66000"
},
{
"name": "46814",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46814"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4566"
},
{
"name": "APPLE-SA-2011-03-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html"
},
{
"name": "APPLE-SA-2011-03-09-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
},
{
"name": "1025182",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025182"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4564",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4564"
},
{
"name": "appleios-attr-code-execution(66000)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66000"
},
{
"name": "46814",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46814"
},
{
"name": "http://support.apple.com/kb/HT4566",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4566"
},
{
"name": "APPLE-SA-2011-03-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html"
},
{
"name": "APPLE-SA-2011-03-09-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
},
{
"name": "1025182",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025182"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2011-0161",
"datePublished": "2011-03-11T22:00:00.000Z",
"dateReserved": "2010-12-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:43:15.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GSD-2011-0161
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2011-0161",
"description": "WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site.",
"id": "GSD-2011-0161"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2011-0161"
],
"details": "WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site.",
"id": "GSD-2011-0161",
"modified": "2023-12-13T01:19:03.985762Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4564",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4564"
},
{
"name": "appleios-attr-code-execution(66000)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66000"
},
{
"name": "46814",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46814"
},
{
"name": "http://support.apple.com/kb/HT4566",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4566"
},
{
"name": "APPLE-SA-2011-03-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html"
},
{
"name": "APPLE-SA-2011-03-09-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
},
{
"name": "1025182",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025182"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.3.2:312.6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.0.3:85.8:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:4.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:5.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.3.2:312.5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.0.3:85.8.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.0.0b2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:3.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:4.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.0.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.0.0b1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0161"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
},
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4564",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4564"
},
{
"name": "APPLE-SA-2011-03-09-2",
"refsource": "APPLE",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
},
{
"name": "http://support.apple.com/kb/HT4566",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4566"
},
{
"name": "APPLE-SA-2011-03-09-1",
"refsource": "APPLE",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html"
},
{
"name": "46814",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/46814"
},
{
"name": "1025182",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id?1025182"
},
{
"name": "appleios-attr-code-execution(66000)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66000"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2017-08-17T01:33Z",
"publishedDate": "2011-03-11T22:55Z"
}
}
}
CERTA-2011-AVI-150
Vulnerability from certfr_avis - Published: 2011-03-11 - Updated: 2011-03-11
De multiples vulnérabilités permettant l'exécution de code arbitraire ont été corrigées dans Apple Safari.
Description
De multiples vulnérabilités ont été corrigées dans Apple Safari pour Microsoft Windows et Mac OS X. Celles-ci permettent l'exécution de code arbitraire à distance par l'intermédiaire d'une page Web spécialement conçue.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
La version 5.0.4 de Apple Safari corrige ces vulnérabilités. Cette nouvelle version integre une mise à jour de la libpng en version 1.4.3.
Apple Safari versions antérieures à 5.0.4.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eApple Safari versions ant\u00e9rieures \u00e0 5.0.4.\u003c/p\u003e",
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Apple Safari pour\nMicrosoft Windows et Mac OS X. Celles-ci permettent l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance par l\u0027interm\u00e9diaire d\u0027une page Web sp\u00e9cialement\ncon\u00e7ue.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\nLa version 5.0.4 de Apple Safari corrige ces vuln\u00e9rabilit\u00e9s. Cette\nnouvelle version integre une mise \u00e0 jour de la libpng en version 1.4.3.\n",
"cves": [
{
"name": "CVE-2011-0170",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0170"
},
{
"name": "CVE-2011-0153",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0153"
},
{
"name": "CVE-2011-0138",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0138"
},
{
"name": "CVE-2011-0156",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0156"
},
{
"name": "CVE-2011-0192",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0192"
},
{
"name": "CVE-2011-0120",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0120"
},
{
"name": "CVE-2011-0115",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0115"
},
{
"name": "CVE-2011-0112",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0112"
},
{
"name": "CVE-2011-0113",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0113"
},
{
"name": "CVE-2011-0140",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0140"
},
{
"name": "CVE-2010-4494",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4494"
},
{
"name": "CVE-2010-2249",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2249"
},
{
"name": "CVE-2011-0148",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0148"
},
{
"name": "CVE-2011-0127",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0127"
},
{
"name": "CVE-2011-0163",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0163"
},
{
"name": "CVE-2011-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0169"
},
{
"name": "CVE-2011-0142",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0142"
},
{
"name": "CVE-2011-0150",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0150"
},
{
"name": "CVE-2011-0122",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0122"
},
{
"name": "CVE-2011-0118",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0118"
},
{
"name": "CVE-2011-0129",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0129"
},
{
"name": "CVE-2011-0165",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0165"
},
{
"name": "CVE-2011-0191",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0191"
},
{
"name": "CVE-2010-1205",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1205"
},
{
"name": "CVE-2011-0160",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0160"
},
{
"name": "CVE-2011-0149",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0149"
},
{
"name": "CVE-2011-0151",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0151"
},
{
"name": "CVE-2011-0126",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0126"
},
{
"name": "CVE-2011-0155",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0155"
},
{
"name": "CVE-2011-0125",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0125"
},
{
"name": "CVE-2011-0119",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0119"
},
{
"name": "CVE-2011-0161",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0161"
},
{
"name": "CVE-2011-0123",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0123"
},
{
"name": "CVE-2011-0145",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0145"
},
{
"name": "CVE-2011-0121",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0121"
},
{
"name": "CVE-2011-0128",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0128"
},
{
"name": "CVE-2011-0141",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0141"
},
{
"name": "CVE-2011-0152",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0152"
},
{
"name": "CVE-2011-0134",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0134"
},
{
"name": "CVE-2011-0114",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0114"
},
{
"name": "CVE-2011-0135",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0135"
},
{
"name": "CVE-2011-0124",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0124"
},
{
"name": "CVE-2011-0132",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0132"
},
{
"name": "CVE-2011-0130",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0130"
},
{
"name": "CVE-2011-0143",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0143"
},
{
"name": "CVE-2011-0111",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0111"
},
{
"name": "CVE-2011-0117",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0117"
},
{
"name": "CVE-2011-0154",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0154"
},
{
"name": "CVE-2010-4008",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
},
{
"name": "CVE-2011-0146",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0146"
},
{
"name": "CVE-2011-0166",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0166"
},
{
"name": "CVE-2010-1824",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1824"
},
{
"name": "CVE-2011-0144",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0144"
},
{
"name": "CVE-2011-0147",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0147"
},
{
"name": "CVE-2011-0131",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0131"
},
{
"name": "CVE-2011-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0167"
},
{
"name": "CVE-2011-0168",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0168"
},
{
"name": "CVE-2011-0136",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0136"
},
{
"name": "CVE-2011-0133",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0133"
},
{
"name": "CVE-2011-0139",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0139"
},
{
"name": "CVE-2011-0137",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0137"
},
{
"name": "CVE-2011-0116",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0116"
}
],
"initial_release_date": "2011-03-11T00:00:00",
"last_revision_date": "2011-03-11T00:00:00",
"links": [],
"reference": "CERTA-2011-AVI-150",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-03-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s permettant l\u0027ex\u00e9cution de code arbitraire\nont \u00e9t\u00e9 corrig\u00e9es dans Apple Safari.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Safari",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT4566 du 09 mars 2011",
"url": "http://support.apple.com/kb/HT4566"
}
]
}
CERTA-2011-AVI-151
Vulnerability from certfr_avis - Published: 2011-03-11 - Updated: 2011-03-11
De multiples vulnérabilités affectent Apple iOS versions 4.2 et antérieures. Certaines permettent l'exécution de code arbitraire à distance.
Description
De multiples vulnérabilités ont été corrigées dans différents composants du système d'exploitation Apple iOS, notamment dans :
- CoreGraphics ;
- ImageIO ;
- libxml ;
- Networking ;
- Safari ;
- WebKit ;
- Wi-Fi.
Parmis ces vulnérabilités, certaines permettent l'exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Apple iOS 4.2.1 et antérieures.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eApple iOS 4.2.1 et ant\u00e9rieures.\u003c/p\u003e",
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans diff\u00e9rents composants\ndu syst\u00e8me d\u0027exploitation Apple iOS, notamment dans :\n\n- CoreGraphics ;\n- ImageIO ;\n- libxml ;\n- Networking ;\n- Safari ;\n- WebKit ;\n- Wi-Fi.\n\nParmis ces vuln\u00e9rabilit\u00e9s, certaines permettent l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-0153",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0153"
},
{
"name": "CVE-2011-0138",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0138"
},
{
"name": "CVE-2011-0156",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0156"
},
{
"name": "CVE-2011-0192",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0192"
},
{
"name": "CVE-2011-0120",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0120"
},
{
"name": "CVE-2011-0115",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0115"
},
{
"name": "CVE-2011-0112",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0112"
},
{
"name": "CVE-2011-0113",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0113"
},
{
"name": "CVE-2011-0140",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0140"
},
{
"name": "CVE-2010-4494",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4494"
},
{
"name": "CVE-2011-0148",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0148"
},
{
"name": "CVE-2011-0127",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0127"
},
{
"name": "CVE-2011-0163",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0163"
},
{
"name": "CVE-2010-1792",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1792"
},
{
"name": "CVE-2011-0142",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0142"
},
{
"name": "CVE-2011-0150",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0150"
},
{
"name": "CVE-2011-0122",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0122"
},
{
"name": "CVE-2011-0118",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0118"
},
{
"name": "CVE-2011-0129",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0129"
},
{
"name": "CVE-2011-0191",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0191"
},
{
"name": "CVE-2011-0160",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0160"
},
{
"name": "CVE-2011-0149",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0149"
},
{
"name": "CVE-2011-0151",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0151"
},
{
"name": "CVE-2011-0126",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0126"
},
{
"name": "CVE-2011-0155",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0155"
},
{
"name": "CVE-2011-0125",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0125"
},
{
"name": "CVE-2011-0158",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0158"
},
{
"name": "CVE-2011-0119",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0119"
},
{
"name": "CVE-2011-0161",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0161"
},
{
"name": "CVE-2011-0123",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0123"
},
{
"name": "CVE-2011-0145",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0145"
},
{
"name": "CVE-2011-0121",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0121"
},
{
"name": "CVE-2011-0128",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0128"
},
{
"name": "CVE-2010-3855",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3855"
},
{
"name": "CVE-2011-0141",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0141"
},
{
"name": "CVE-2011-0152",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0152"
},
{
"name": "CVE-2011-0134",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0134"
},
{
"name": "CVE-2011-0114",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0114"
},
{
"name": "CVE-2011-0135",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0135"
},
{
"name": "CVE-2011-0124",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0124"
},
{
"name": "CVE-2011-0132",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0132"
},
{
"name": "CVE-2011-0162",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0162"
},
{
"name": "CVE-2011-0159",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0159"
},
{
"name": "CVE-2011-0130",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0130"
},
{
"name": "CVE-2011-0143",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0143"
},
{
"name": "CVE-2011-0111",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0111"
},
{
"name": "CVE-2011-0117",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0117"
},
{
"name": "CVE-2011-0154",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0154"
},
{
"name": "CVE-2011-0146",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0146"
},
{
"name": "CVE-2010-1824",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1824"
},
{
"name": "CVE-2011-0144",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0144"
},
{
"name": "CVE-2011-0147",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0147"
},
{
"name": "CVE-2011-0131",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0131"
},
{
"name": "CVE-2011-0168",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0168"
},
{
"name": "CVE-2011-0136",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0136"
},
{
"name": "CVE-2011-0133",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0133"
},
{
"name": "CVE-2011-0157",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0157"
},
{
"name": "CVE-2011-0137",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0137"
},
{
"name": "CVE-2011-0116",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0116"
}
],
"initial_release_date": "2011-03-11T00:00:00",
"last_revision_date": "2011-03-11T00:00:00",
"links": [],
"reference": "CERTA-2011-AVI-151",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-03-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s affectent Apple iOS versions 4.2 et\nant\u00e9rieures. Certaines permettent l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iOS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT4564 du 09 mars 2011",
"url": "http://support.apple.com/kb/HT4564"
}
]
}
FKIE_CVE-2011-0161
Vulnerability from fkie_nvd - Published: 2011-03-11 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82E200DE-C81B-445C-8FC8-90A44CA70A12",
"versionEndIncluding": "5.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A419AE8-F5A2-4E25-9004-AAAB325E201A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "64FE1AA1-32D1-4825-8B2B-E66093937D9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "E760CD65-A10E-44F1-B835-DA6B77057C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "30663B7F-3EDA-4B6B-9F39-65E2CEEB4543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.0.0b1:*:*:*:*:*:*:*",
"matchCriteriaId": "91A09DA0-83E9-491D-A0A5-AF97B5463D62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.0.0b2:*:*:*:*:*:*:*",
"matchCriteriaId": "D91C7EF0-A56B-40E6-9CED-1228405D034E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE6078B0-4756-4E04-BAC4-C4EC90548A9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6B5A3F2-70EE-4ECD-AD6A-0A72D9EBC755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C87EDB53-FB6E-4B10-B890-A7195D841C5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.0.3:85.8:*:*:*:*:*:*",
"matchCriteriaId": "957FCFC4-565A-4F2F-8D3D-D0982E1723F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.0.3:85.8.1:*:*:*:*:*:*",
"matchCriteriaId": "22A450DC-CDF5-4EA0-A703-AFB3DEFE1395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "857C92E2-6870-409A-9457-75F8C5C7B959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3FD75A4F-F529-4F5E-957D-380215F7B21B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "834EC299-2010-4306-8CEE-35D735583101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "443FF271-A3AB-4659-80B2-89F771BF5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D29B98E-2F62-4F6F-976D-FEC4EB07F106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3112AFEB-7893-467C-8B45-A44D5697BB79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1FC83309-3A97-4619-B5C1-574610838BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "891514D5-50C8-4EDC-81C5-24ABF8BCC022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "25032A3A-9D05-4E69-9A22-C9B332976769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AF75A31C-FE42-4CB4-A0E6-0CAB7B122483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDD80AB-2A6C-47FF-A1E9-DEB273C6B4E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2EAC0DC3-7B55-49BC-89BC-C588E6FC6828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9315ADD-5B97-4639-9B59-806EFD7BC247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E7DD81AB-27D6-4CB0-BBF0-5710DAD55A3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.3.2:312.5:*:*:*:*:*:*",
"matchCriteriaId": "21BAC0B8-063C-4772-8F1B-EB9A2F7A585C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.3.2:312.6:*:*:*:*:*:*",
"matchCriteriaId": "6BAB4071-A883-4E04-BDDF-A121C4738E61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2:*:*:*:*:*:*:*",
"matchCriteriaId": "7E44913D-BC8B-4AA1-84EB-EFEAC531B475",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D3889ED-9329-4C84-A173-2553BEAE3EDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B74019F-C365-4E13-BBB4-D84AD9C1F87C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E57D5-A7C9-4985-8CE4-E0D4B8BBF371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "06494FA8-F12A-435A-97A4-F38C58DF43F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1BB047B-D45E-4695-AAEB-D0830DB1663E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*",
"matchCriteriaId": "018A7A39-2AFD-47A9-AE88-7ABDBFE5EDA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*",
"matchCriteriaId": "1082B33F-33B5-453A-A5AA-10F65AB2E625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*",
"matchCriteriaId": "6CF4DB54-AA7E-44C3-83E3-1A8971719D5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*",
"matchCriteriaId": "EC348464-F08D-4ABF-BB90-3FA93C786F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFDCF83E-620C-40FA-9901-5D939E315143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3:*:*:*:*:*:*:*",
"matchCriteriaId": "E3BAE980-449F-4F8C-A5BC-6CB7226E971A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A33F900-D405-40A8-A0A5-3C80320FF6E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4444A309-5A97-4E1C-B4EA-C4A070A98CBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "5B29951B-9A98-45B7-8E4B-5515C048EC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEB23DE-1A9D-480E-8B8B-9F110A8ABDE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "D0FDEB4F-133A-43DF-A89B-53E249F1293D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84E78F43-07BD-4D62-9512-DA738A92BC7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE25E9E-826E-4782-AED8-AC6297B18D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F3180366-2240-467E-8AB9-BEA0430948F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E834B8-545E-4472-9D60-B4CF1340D62C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5AB9CC52-E533-4306-9E92-73C84B264D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*",
"matchCriteriaId": "14A5CA99-8B1C-4C35-85E3-DB0495444A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "01D8C2EF-D552-4279-A12E-70E292F39E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "C00082E3-EBF5-4C23-9F57-BF73E587FC05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C453B588-15FD-4A9C-8BC1-6202A21DAE02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "460A6F14-7CCE-47CA-BE0C-6DF32CD6A8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15BB6761-3581-4AE6-85E0-1609D15D7618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA1A4C8-9F87-449F-A11F-52E5D52247E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE8498D2-DECC-4B88-BC1B-F8E2D076EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79DC6C51-CEEA-4CBF-87D2-8007B7C3D67F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7B6AD89-D60C-4C8F-A9E6-4380A6B8DB13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B2451165-7831-426E-BA07-B3A57F3589C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "410E58BC-72AF-4695-8022-A08913077BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DE630BC-7E63-40DF-BB8B-327513F5DBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BD80CA73-5612-4799-9084-09BAA7938F53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "461EFB63-7933-488C-BB4E-7C913364F5A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "461EFB63-7933-488C-BB4E-7C913364F5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56C3334D-C737-4504-A4A3-2A849B8CE8FA",
"versionEndIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "863383DA-0BC6-4A96-835A-A96128EC0202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2CFF5BE7-2BF6-48CE-B74B-B1A05383C10F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "51D3BE2B-5A01-4AD4-A436-0056B50A535D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9A20F171-79FE-43B9-8309-B18341639FA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "126EF22D-29BC-4366-97BC-B261311E6251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3DD7B3-DA4C-4B0A-A94E-6BF66B358B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A939B80-0AD0-48AF-81A7-370716F56639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D28528CE-4943-4F82-80C0-A629DA3E6702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12E22AF0-2B66-425A-A1EE-4F0E3B0433E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB34ECBE-33E8-40E1-936B-7800D2525AE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "107C59BE-D8CF-4A17-8DFB-BED2AB12388D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36C86BB9-0328-4E34-BC2B-47B3471EC262",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site."
},
{
"lang": "es",
"value": "WebKit, como se usa en Apple Safari anterior a v5.0.4 e iOS antes de v4.3, no maneja adecuada mente el acceso a Attr.style, lo que permite a atacantes remotos evitar la Same Origin Policy e inyectar secuencias de hojas de estilo en cascada (CSS) a trav\u00e9s de un sitio web manipulado."
}
],
"id": "CVE-2011-0161",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-03-11T22:55:02.947",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4564"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4566"
},
{
"source": "product-security@apple.com",
"url": "http://www.securityfocus.com/bid/46814"
},
{
"source": "product-security@apple.com",
"url": "http://www.securitytracker.com/id?1025182"
},
{
"source": "product-security@apple.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4564"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/46814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66000"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-6P2P-VJ22-CMM3
Vulnerability from github – Published: 2022-05-17 02:03 – Updated: 2022-05-17 02:03
VLAI?
Details
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site.
{
"affected": [],
"aliases": [
"CVE-2011-0161"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-03-11T22:55:00Z",
"severity": "MODERATE"
},
"details": "WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site.",
"id": "GHSA-6p2p-vj22-cmm3",
"modified": "2022-05-17T02:03:10Z",
"published": "2022-05-17T02:03:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0161"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66000"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4564"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4566"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/46814"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1025182"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…