VulDB: Apple Xcode up to 4.3.3 Designated Requirement information disclosure
General
scipID: 5873
Affected: Apple Xcode up to 4.3.3
Published: 07/25/2012
Risk: 
problematic
Entry: 83.6% complete
Created: 08/08/2012
Updated: 09/03/2012
Summary
A vulnerability was found in Apple Xcode up to 4.3.3 and classified as problematic. This issue affects an unknown function of the component Designated Requirement. The manipulation with an unknown input leads to a information disclosure vulnerability. Impacted is confidentiality.
The weakness was presented 07/25/2012 as HT5416 as knowledge base article (Apple Security Announce). The advisory is shared for download at support.apple.com. The identification of this vulnerability is CVE-2012-3698 since 06/19/2012. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Neither technical details nor an exploit are publicly available.
Upgrading to version 4.4 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (84227) and Secunia (SA50068).CVSS
Base Score: 4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N) [?]
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Local | High | Multiple | None | None | None |
| Adjacent | Medium | Single | Partial | Partial | Partial |
| Network | Low | None | Complete | Complete | Complete |
Exploiting
Class: Information disclosure
Local: No
Remote: Yes
Availability: No
Countermeasures
Recommended: Upgrade
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known
Upgrade: Xcode 4.4
Timeline
06/19/2012 | CVE assigned
07/25/2012 | Advisory disclosed
07/25/2012 | Countermeasure disclosed
07/27/2012 | OSVDB entry created
08/08/2012 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Advisory: HT5416
OSVDB: 84227
CVE: CVE-2012-3698 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 50068
- Latest Entries
- Trend Micro DirectPass InstallWorkspace.exe cross site scripting
- SAP SAProuter User Input Sanitizer buffer overflow
- Red Hat JBoss Enterprise Application Platform Authorization Module Class Name denial of service
- thttpd WebService information disclosure
- Microsoft Windows 7 win32k!EPATHOBJ::pprFlattenRec buffer overflow
- Statistics
- Archive
