CVE-2003-0975

Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.

Published: Dec 15, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-0975
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
apple / safari	1.0	1.0.x
apple / safari	1.1	1.1.x
apple / mac_os_x	10.2.8	10.2.8.x
apple / mac_os_x	10.3.1	10.3.1.x
apple / mac_os_x_server	10.3.1	10.3.1.x
apple / mac_os_x_server	10.2.8	10.2.8.x

http://docs.info.apple.com/article.html?artnum=61798
http://lists.apple.com/mhonarc/security-announce/msg00042.html
http://marc.info/?l=bugtraq&m=106917674428552&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/7973

Vulnerability Database

289,599

CVE-2003-0975