Apple Safari Feed URI Denial Of Service Vulnerability
TITLE: Apple Safari Feed URI Denial Of Service Vulnerability
CLASS: Input Validation Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 13 2007 12:00AM
UPDATE: Jun 13 2007 12:00AM
CREDIT: Moshe Ben-Abu of BugSec is credited with the discovery of this vulnerability.
VULNERABLE:
Apple Safari For Windows 3 Beta
NOT VULNERABLE:
Discussion
Apple Safari is prone to a denial-of-service vulnerability because it fails to adequately sanitize user-supplied input.
Attackers can exploit this issue to cause denial-of-service conditions on a user's computer.
Apple Safari for Windows version 3 Beta is vulnerable; other versions may also be affected.
Exploit
To exploit this issue, an attacker must entice an unsuspecting user to follow a malicious URI.
The following example URI is available:
'feed://%'
Solution
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com