CVE-2010-1391

CVSS V2 Medium 4.3 CVSS V3 None
Description
Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to create arbitrary database files via vectors involving a (1) %2f and .. (dot dot) or (2) %5c and .. (dot dot) in a URL.
Overview
  • CVE ID
  • CVE-2010-1391
  • Assigner
  • product-security@apple.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2010-06-11T18:00:21
  • Last Modified Date
  • 2017-09-19T01:30:41
Weakness Enumerations
CWE URL
CWE-22 http://cwe.mitre.org/data/definitions/22.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* 1 OR 4.0.5
cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:safari:4.0.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x_server:10.5.0:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x_server:10.5.7:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:* 0 OR
AND
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* 1 OR 4.0.5
cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:safari:4.0.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x:10.4.0:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x_server:10.4:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x_server:10.4.0:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x_server:10.4.1:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x_server:10.4.2:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x_server:10.4.3:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x_server:10.4.4:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x_server:10.4.6:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 4.3
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 2.9
References
Reference URL Reference Tags
http://support.apple.com/kb/HT4196 Vendor Advisory
http://secunia.com/advisories/40105 Vendor Advisory
http://www.securityfocus.com/bid/40620 Patch
http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html Patch Vendor Advisory
http://securitytracker.com/id?1024067
http://www.vupen.com/english/advisories/2010/1373 Patch Vendor Advisory
http://support.apple.com/kb/HT4225
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
http://www.securityfocus.com/bid/40753
http://secunia.com/advisories/41856
http://www.ubuntu.com/usn/USN-1006-1
http://www.vupen.com/english/advisories/2010/2722
http://secunia.com/advisories/43068
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://www.vupen.com/english/advisories/2011/0212
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
http://www.vupen.com/english/advisories/2011/0552
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7082
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2010-1391
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391
History
Created Old Value New Value Data Type Notes
2022-05-10 08:34:42 Added to TrackCVE