Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-0167 — Apple Safari vulnerability

CWE-2644 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

2.0%

top 16.12%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple Safari

Timeline

PublishedMar 11

Latest updateMay 17

Description

The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDapple/safari5.0.3+53

🔴Vulnerability Details

GHSA

GHSA-p8w5-8452-95gq: The windows functionality in WebKit in Apple Safari before 5↗2022-05-17

▶

OSV

CVE-2011-0167: The windows functionality in WebKit in Apple Safari before 5↗2011-03-11

▶

💥Exploits & PoCs

Exploit-DB

WebKit 1.2.x - Local Webpage Cross Domain Information Disclosure↗2011-03-09

▶