Summary
This host is installed with Apple Safari web browser and is prone to address bar spoofing vulnerability.
Impact
Successful exploitation will let attackers to conduct spoofing attacks via a crafted HTML document.
Impact Level: Application
Solution
Upgrade to Apple Safari version 5.1.2 or later,
For updates refer to http://www.apple.com/support/downloads/
Insight
The flaw is due to an improper implementation of the setInterval function, which allows remote attackers to spoof the address bar via a crafted web page.
Affected
Apple Safari version 5.0.5 on Windows
References
Severity
Classification
-
CVE CVE-2011-3844 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apple Mac OS X Authentication Bypass Vulnerability
- Arora Common Name SSL Certificate Spoofing Vulnerability (Linux)
- Apple Safari Multiple Vulnerabilities
- Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Mac OS X)
- Apple iTunes Tutorials Window Security Bypass Vulnerability (Mac OS X)