CVE-2014-1297

Published Apr 2, 2014

Last updated 11 years ago

Overview

Description: WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read arbitrary files by leveraging WebProcess access.
Source: product-security@apple.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-20

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54197A85-706B-4EF1-A426-5A38C22CCBE2",
            "versionEndIncluding": "6.1.2"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BA4B009-6BF2-4174-A05C-77B75C45377C"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:6.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "136A760D-2873-4216-AB60-E3D93DE82BCF"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:6.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFF3DFE0-2587-4E91-ACC2-45E9B51EF4C4"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:6.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "076B9C00-EFB0-4284-A617-FAEE341F80FB"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:6.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8851ED07-715F-4F6A-AE29-FA95D069F972"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:6.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65EBA204-5E12-429A-9414-400CBAA0BA89"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A600193-92E3-4A31-824D-94BC87E513B2"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:6.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74543772-8C0C-4055-BC1E-D7EAA8A55B51"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88D46FE5-10D2-44A0-ACAE-CEED8BD0C30C"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "391B4255-4434-4EB3-929B-3E593D9CD249"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40B87D10-55B3-42E7-8FF6-93EDF003337D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References