CVE-2010-0314
published 2010-01-14
CVE-2010-0314: Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the…
Priority P4 · 27 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 7.46% (93.7th percentile)
Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value.
CVSS provenance
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_redhat · 7.8 · HIGH
GHSA
GHSA-j5vp-xx87-j2xg: Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL
ghsa_unreviewed·2022-05-02
CVE-2010-0314 [MEDIUM] GHSA-j5vp-xx87-j2xg: Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL
Red Hat
kernel: ipv6_hop_jumbo remote system crash
vendor_redhat·2007-09-07·CVSS 7.8
CVE-2007-4567 [HIGH] CWE-228 kernel: ipv6_hop_jumbo remote system crash
The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet.
Statement: This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG. Shipped kernels do not include upstream commit a11d206d that introduced the problem.
This upstream commit was backported in Red Hat Enterprise Linux 5 via RHBA-2008:0314. It was reported and addressed in Red Hat Enterprise Linux 5 via RHSA-2010:0019.
No detection rules found.
References:
http://nomoreroot.blogspot.com/2010/01/little-bug-in-safari-and-google-chrome.html
http://secunia.com/advisories/41856
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
http://www.ubuntu.com/usn/USN-1006-1
http://www.vupen.com/english/advisories/2010/2722
http://www.vupen.com/english/advisories/2011/0552
Published: 2010-01-14