ByteOS Network

Vulnerability Details :

CVE-2010-3813

Assigner-apple

Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c

Published At-20 Nov, 2010 | 21:00

Updated At-07 Aug, 2024 | 03:26

The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element, which allows remote attackers to bypass intended access restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:apple

Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c

Published At:20 Nov, 2010 | 21:00

Updated At:07 Aug, 2024 | 03:26

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039	vendor-advisory x_refsource_MANDRIVA
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html	vendor-advisory x_refsource_FEDORA
https://bugzilla.redhat.com/show_bug.cgi?id=667024	x_refsource_CONFIRM
http://secunia.com/advisories/43068	third-party-advisory x_refsource_SECUNIA
http://trac.webkit.org/changeset/63622	x_refsource_MISC
http://support.apple.com/kb/HT4455	x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2011/0212	vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/3046	vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2011/0216	vdb-entry x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12293	vdb-entry signature x_refsource_OVAL
http://secunia.com/advisories/43086	third-party-advisory x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html	vendor-advisory x_refsource_SUSE
http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html	vendor-advisory x_refsource_APPLE
http://secunia.com/advisories/42314	third-party-advisory x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2011-0177.html	vendor-advisory x_refsource_REDHAT
http://www.vupen.com/english/advisories/2011/0552	vdb-entry x_refsource_VUPEN
http://support.apple.com/kb/HT4456	x_refsource_CONFIRM
https://bugs.webkit.org/show_bug.cgi?id=42500	x_refsource_MISC
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html	vendor-advisory x_refsource_APPLE

Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:039

Resource:

vendor-advisory

x_refsource_MANDRIVA

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html

Resource:

vendor-advisory

x_refsource_FEDORA

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=667024

Resource:

x_refsource_CONFIRM

Hyperlink: http://secunia.com/advisories/43068

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://trac.webkit.org/changeset/63622

Resource:

x_refsource_MISC

Hyperlink: http://support.apple.com/kb/HT4455

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.vupen.com/english/advisories/2011/0212

Resource:

vdb-entry

x_refsource_VUPEN

Hyperlink: http://www.vupen.com/english/advisories/2010/3046

Resource:

vdb-entry

x_refsource_VUPEN

Hyperlink: http://www.vupen.com/english/advisories/2011/0216

Resource:

vdb-entry

x_refsource_VUPEN

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12293

Resource:

vdb-entry

signature

x_refsource_OVAL

Hyperlink: http://secunia.com/advisories/43086

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Resource:

vendor-advisory

x_refsource_SUSE

Hyperlink: http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html

Resource:

vendor-advisory

x_refsource_APPLE

Hyperlink: http://secunia.com/advisories/42314

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0177.html

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: http://www.vupen.com/english/advisories/2011/0552

Resource:

vdb-entry

x_refsource_VUPEN

Hyperlink: http://support.apple.com/kb/HT4456

Resource:

x_refsource_CONFIRM

Hyperlink: https://bugs.webkit.org/show_bug.cgi?id=42500

Resource:

x_refsource_MISC

Hyperlink: http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

Resource:

vendor-advisory

x_refsource_APPLE

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039	vendor-advisory x_refsource_MANDRIVA x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html	vendor-advisory x_refsource_FEDORA x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=667024	x_refsource_CONFIRM x_transferred
http://secunia.com/advisories/43068	third-party-advisory x_refsource_SECUNIA x_transferred
http://trac.webkit.org/changeset/63622	x_refsource_MISC x_transferred
http://support.apple.com/kb/HT4455	x_refsource_CONFIRM x_transferred
http://www.vupen.com/english/advisories/2011/0212	vdb-entry x_refsource_VUPEN x_transferred
http://www.vupen.com/english/advisories/2010/3046	vdb-entry x_refsource_VUPEN x_transferred
http://www.vupen.com/english/advisories/2011/0216	vdb-entry x_refsource_VUPEN x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12293	vdb-entry signature x_refsource_OVAL x_transferred
http://secunia.com/advisories/43086	third-party-advisory x_refsource_SECUNIA x_transferred
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html	vendor-advisory x_refsource_SUSE x_transferred
http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html	vendor-advisory x_refsource_APPLE x_transferred
http://secunia.com/advisories/42314	third-party-advisory x_refsource_SECUNIA x_transferred
http://www.redhat.com/support/errata/RHSA-2011-0177.html	vendor-advisory x_refsource_REDHAT x_transferred
http://www.vupen.com/english/advisories/2011/0552	vdb-entry x_refsource_VUPEN x_transferred
http://support.apple.com/kb/HT4456	x_refsource_CONFIRM x_transferred
https://bugs.webkit.org/show_bug.cgi?id=42500	x_refsource_MISC x_transferred
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html	vendor-advisory x_refsource_APPLE x_transferred

Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:039

Resource:

vendor-advisory

x_refsource_MANDRIVA

x_transferred

Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html

Resource:

vendor-advisory

x_refsource_FEDORA

x_transferred

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=667024

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://secunia.com/advisories/43068

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://trac.webkit.org/changeset/63622

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://support.apple.com/kb/HT4455

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.vupen.com/english/advisories/2011/0212

Resource:

vdb-entry

x_refsource_VUPEN

x_transferred

Hyperlink: http://www.vupen.com/english/advisories/2010/3046

Resource:

vdb-entry

x_refsource_VUPEN

x_transferred

Hyperlink: http://www.vupen.com/english/advisories/2011/0216

Resource:

vdb-entry

x_refsource_VUPEN

x_transferred

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12293

Resource:

vdb-entry

signature

x_refsource_OVAL

x_transferred

Hyperlink: http://secunia.com/advisories/43086

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Resource:

vendor-advisory

x_refsource_SUSE

x_transferred

Hyperlink: http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html

Resource:

vendor-advisory

x_refsource_APPLE

x_transferred

Hyperlink: http://secunia.com/advisories/42314

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0177.html

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: http://www.vupen.com/english/advisories/2011/0552

Resource:

vdb-entry

x_refsource_VUPEN

x_transferred

Hyperlink: http://support.apple.com/kb/HT4456

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://bugs.webkit.org/show_bug.cgi?id=42500

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

Resource:

vendor-advisory

x_refsource_APPLE

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:product-security@apple.com

Published At:22 Nov, 2010 | 13:00

Updated At:11 Apr, 2025 | 00:51

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:N

Type: Primary

Version: 2.0

Base score: 5.8

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:P/I:P/A:N

Hyperlink	Source	Resource
http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html	product-security@apple.com	Vendor Advisory
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html	product-security@apple.com	N/A
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html	product-security@apple.com	N/A
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html	product-security@apple.com	N/A
http://secunia.com/advisories/42314	product-security@apple.com	N/A
http://secunia.com/advisories/43068	product-security@apple.com	N/A
http://secunia.com/advisories/43086	product-security@apple.com	N/A
http://support.apple.com/kb/HT4455	product-security@apple.com	Patch Vendor Advisory
http://support.apple.com/kb/HT4456	product-security@apple.com	N/A
http://trac.webkit.org/changeset/63622	product-security@apple.com	N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039	product-security@apple.com	N/A
http://www.redhat.com/support/errata/RHSA-2011-0177.html	product-security@apple.com	N/A
http://www.vupen.com/english/advisories/2010/3046	product-security@apple.com	N/A
http://www.vupen.com/english/advisories/2011/0212	product-security@apple.com	N/A
http://www.vupen.com/english/advisories/2011/0216	product-security@apple.com	N/A
http://www.vupen.com/english/advisories/2011/0552	product-security@apple.com	N/A
https://bugs.webkit.org/show_bug.cgi?id=42500	product-security@apple.com	N/A
https://bugzilla.redhat.com/show_bug.cgi?id=667024	product-security@apple.com	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12293	product-security@apple.com	N/A
http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/42314	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/43068	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/43086	af854a3a-2127-422b-91ae-364da2661108	N/A
http://support.apple.com/kb/HT4455	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://support.apple.com/kb/HT4456	af854a3a-2127-422b-91ae-364da2661108	N/A
http://trac.webkit.org/changeset/63622	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.redhat.com/support/errata/RHSA-2011-0177.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.vupen.com/english/advisories/2010/3046	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.vupen.com/english/advisories/2011/0212	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.vupen.com/english/advisories/2011/0216	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.vupen.com/english/advisories/2011/0552	af854a3a-2127-422b-91ae-364da2661108	N/A
https://bugs.webkit.org/show_bug.cgi?id=42500	af854a3a-2127-422b-91ae-364da2661108	N/A
https://bugzilla.redhat.com/show_bug.cgi?id=667024	af854a3a-2127-422b-91ae-364da2661108	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12293	af854a3a-2127-422b-91ae-364da2661108	N/A

CVE-2010-3813

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs