CVE-2010-3813Apple Iphone OS vulnerability

CWE-26410 documents6 sources
Severity
5.8MEDIUMNVD
EPSS
0.8%
top 25.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple Iphone OSApple Safari
Timeline
PublishedNov 22
Latest updateMay 17

Description

The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element, which allows remote attackers to bypass intended access restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages2 packages

NVDapple/safari5.0.2+52
NVDapple/iphone_os4.1+28

Patches

Patch: support.apple.comPatch: support.apple.com

🔴Vulnerability Details

4
GHSA
GHSA-qv97-4m93-h342: The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement2022-05-17
GHSA
GHSA-x3m3-q3xc-8m5j: WebKit in Apple iOS before 42022-05-17
OSV
CVE-2010-3829: WebKit in Apple iOS before 42010-11-26
OSV
CVE-2010-3813: The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement2010-11-22

📋Vendor Advisories

2
Ubuntu
WebKit vulnerabilities2011-08-23
Red Hat
webkit: HTMLLinkElement ignores dnsPrefetchingEnabled setting2010-11-18

💬Community

2
Bugzilla
CVE-2010-4198 CVE-2010-4197 CVE-2010-4204 CVE-2010-4206 CVE-2010-3812 CVE-2010-3813 CVE-2010-4577 CVE-2010-3255 CVE-2010-3119 webkitgtk various flaws [fedora-13]2011-01-04
Bugzilla
CVE-2010-3813 webkit: HTMLLinkElement ignores dnsPrefetchingEnabled setting2011-01-04