CVE-2011-0167
published 2011-03-11CVE-2011-0167: The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary…
PriorityP430medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
3.34%
87.1th percentile
The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site.
Affected
54 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | safari | <= 5.0.3 | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-p8w5-8452-95gq: The windows functionality in WebKit in Apple Safari before 5
ghsa_unreviewed·2022-05-17
CVE-2011-0167 [MEDIUM] GHSA-p8w5-8452-95gq: The windows functionality in WebKit in Apple Safari before 5
The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site.
OSV
CVE-2011-0167: The windows functionality in WebKit in Apple Safari before 5
osv·2011-03-11·CVSS 4.3
CVE-2011-0167 [MEDIUM] CVE-2011-0167: The windows functionality in WebKit in Apple Safari before 5
The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site.
No detection rules found.
No writeups or analysis indexed.
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.htmlhttp://support.apple.com/kb/HT4566http://www.securityfocus.com/bid/46816http://www.securitytracker.com/id?1025183http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.htmlhttp://support.apple.com/kb/HT4566http://www.securityfocus.com/bid/46816http://www.securitytracker.com/id?1025183
2011-03-11
Published