CVE-2007-5862

Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name	Vendor	Start Version	End Version
Mac_os_x	Apple	10.4 (including)	10.4 (including)
Mac_os_x	Apple	10.4.1 (including)	10.4.1 (including)
Mac_os_x	Apple	10.4.2 (including)	10.4.2 (including)
Mac_os_x	Apple	10.4.3 (including)	10.4.3 (including)
Mac_os_x	Apple	10.4.4 (including)	10.4.4 (including)
Mac_os_x	Apple	10.4.5 (including)	10.4.5 (including)
Mac_os_x	Apple	10.4.6 (including)	10.4.6 (including)
Mac_os_x	Apple	10.4.7 (including)	10.4.7 (including)
Mac_os_x	Apple	10.4.8 (including)	10.4.8 (including)
Mac_os_x	Apple	10.4.9 (including)	10.4.9 (including)
Mac_os_x	Apple	10.4.10 (including)	10.4.10 (including)
Mac_os_x	Apple	10.4.11 (including)	10.4.11 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/114.html
https://cwe.mitre.org/data/definitions/115.html
https://cwe.mitre.org/data/definitions/151.html
https://cwe.mitre.org/data/definitions/194.html
https://cwe.mitre.org/data/definitions/22.html
https://cwe.mitre.org/data/definitions/57.html
https://cwe.mitre.org/data/definitions/593.html
https://cwe.mitre.org/data/definitions/633.html
https://cwe.mitre.org/data/definitions/650.html
https://cwe.mitre.org/data/definitions/94.html

References

http://docs.info.apple.com/article.html?artnum=307177
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
http://secunia.com/advisories/28115
http://www.securityfocus.com/bid/26877
http://www.vupen.com/english/advisories/2007/4224
http://docs.info.apple.com/article.html?artnum=307177
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
http://secunia.com/advisories/28115
http://www.securityfocus.com/bid/26877
http://www.vupen.com/english/advisories/2007/4224

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-5862
CWE	https://cwe.mitre.org/data/definitions/287.html

Improper Authentication

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References