Lucene search

[email protected]CVE-2010-2179

HistoryJun 15, 2010 - 6:00 p.m.

CVE-2010-2179

2010-06-1518:00:01

CWE-79

[email protected]

web.nvd.nist.gov

cve-2010-2179

cross-site scripting

xss

adobe flash player

adobe air

remote attack

web script injection

url parsing

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.8%

JSON

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.

Affected configurations

NVD

Node

adobeflash_playerRange<9.0.277.0

adobeflash_playerRange10.0.0.0–10.1.53.64

AND

googlechromeMatch-

mozillafirefoxMatch-

Node

adobeairRange<2.0.2.12610

AND

googlechromeMatch-

mozillafirefoxMatch-

CPENameOperatorVersion
adobe:flash_playeradobe flash playerlt9.0.277.0
adobe:flash_playeradobe flash playerlt10.1.53.64

CPE	Name	Operator	Version
adobe:flash_player	adobe flash player	lt	9.0.277.0
adobe:flash_player	adobe flash player	lt	10.1.53.64

References

itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751

lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html

lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

secunia.com/advisories/40144

secunia.com/advisories/40545

secunia.com/advisories/43026

security.gentoo.org/glsa/glsa-201101-09.xml

securitytracker.com/id?1024085

securitytracker.com/id?1024086

support.apple.com/kb/HT4435

www.adobe.com/support/security/bulletins/apsb10-14.html

www.redhat.com/support/errata/RHSA-2010-0464.html

www.redhat.com/support/errata/RHSA-2010-0470.html

www.securityfocus.com/bid/40759

www.securityfocus.com/bid/40808

www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt

www.us-cert.gov/cas/techalerts/TA10-162A.html

www.vupen.com/english/advisories/2010/1421

www.vupen.com/english/advisories/2010/1432

www.vupen.com/english/advisories/2010/1434

www.vupen.com/english/advisories/2010/1453

www.vupen.com/english/advisories/2010/1482

www.vupen.com/english/advisories/2010/1522

www.vupen.com/english/advisories/2010/1793

www.vupen.com/english/advisories/2011/0192

exchange.xforce.ibmcloud.com/vulnerabilities/59328

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7126

Social References

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.8%

JSON

Related for CVE-2010-2179

ubuntucve1 cvelist1 prion1 nvd1 redhat2 nessus14 openvas12 freebsd1 securityvulns4 suse1 gentoo1