Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0514Path Traversal in Apple Safari

3 documents3 sources
Severity
7.5HIGHNVD
EPSS
2.7%
top 14.07%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apple Safari
Timeline
PublishedApr 15
Latest updateApr 29

Description

Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDapple/safari1.0, 1.1+1

🔴Vulnerability Details

1
GHSA
GHSA-qxpv-7chg-rhr2: Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory trave2022-04-29

💥Exploits & PoCs

1
Exploit-DB
Apple Safari 1.x - Cookie Directory Traversal2004-03-10