Vulnerability Database

296,225

Total vulnerabilities in the database

CVE-2014-1297

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read arbitrary files by leveraging WebProcess access.

  • Published: Apr 2, 2014
  • Updated: Apr 13, 2023
  • CVE: CVE-2014-1297
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

Software From Fixed in
apple / safari 7.0.1 7.0.1.x
apple / safari 6.0 6.0.x
apple / safari 6.0.3 6.0.3.x
apple / safari 6.0.2 6.0.2.x
apple / safari 6.1.1 6.1.1.x
apple / safari - 6.1.2.x
apple / safari 6.0.5 6.0.5.x
apple / safari 7.0 7.0.x
apple / safari 6.1 6.1.x
apple / safari 6.0.4 6.0.4.x
apple / safari 7.0.2 7.0.2.x
apple / safari 6.0.1 6.0.1.x