CVE-2010-0541

2010-06-1716:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2010-0541

cross-site scripting

xss

webrick

http server

ruby

apple

mac os x 10.5.8

mac os x 10.6

nvd

5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.3%

JSON

Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in Ruby in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page.

CPENameOperatorVersion
apple:mac_os_xapple mac os xeq10.5.8
apple:mac_os_x_serverapple mac os x servereq10.5.8
apple:mac_os_x_serverapple mac os x servereq10.6.3
apple:mac_os_xapple mac os xeq10.6.3
apple:mac_os_x_serverapple mac os x servereq10.6.1
apple:mac_os_x_serverapple mac os x servereq10.6.2
apple:mac_os_xapple mac os xeq10.6.1
apple:mac_os_x_serverapple mac os x servereq10.6.0
apple:mac_os_xapple mac os xeq10.6.0
apple:mac_os_xapple mac os xeq10.6.2

CPE	Name	Operator	Version
apple:mac_os_x	apple mac os x	eq	10.5.8
apple:mac_os_x_server	apple mac os x server	eq	10.5.8
apple:mac_os_x_server	apple mac os x server	eq	10.6.3
apple:mac_os_x	apple mac os x	eq	10.6.3
apple:mac_os_x_server	apple mac os x server	eq	10.6.1
apple:mac_os_x_server	apple mac os x server	eq	10.6.2
apple:mac_os_x	apple mac os x	eq	10.6.1
apple:mac_os_x_server	apple mac os x server	eq	10.6.0
apple:mac_os_x	apple mac os x	eq	10.6.0
apple:mac_os_x	apple mac os x	eq	10.6.2