exploitDog

CVE-2006-6238

Опубликовано: 03 дек. 2006

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of CVE-2006-6077.

Ссылки

http://secunia.com/advisories/23066
Vendor Advisory
http://tearesolutions.com/2006/11/how_to_steal_passwords_from_safaris_autofill.html
Exploit
http://www.securityfocus.com/bid/21329
Exploit
http://secunia.com/advisories/23066
Vendor Advisory
http://tearesolutions.com/2006/11/how_to_steal_passwords_from_safaris_autofill.html
Exploit
http://www.securityfocus.com/bid/21329
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00462

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-vm94-3jpr-ph6q

github

почти 4 года назад

The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of CVE-2006-6077.

EPSS

Процентиль: 64%

0.00462

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other