Lucene search

K
nessusTenable4958.PRM
HistoryMar 12, 2009 - 12:00 a.m.

iTunes < 8.1 Multiple Vulnerabilities

2009-03-1200:00:00
Tenable
www.tenable.com
9

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.247 Low

EPSS

Percentile

96.7%

According to its banner, the version of iTunes installed on the remote host is older than 8.1.

Such versions may be affected by multiple vulnerabilities :

  • It may be possible to cause a denial of service by sending a maliciously crafted DAAP header to the application. Note that this flaw only affects iTunes running on a Windows host. (CVE-2009-0016)

  • When subscribing to a podcast an authentication dialog may be presented without clarifying the origin of the authentication request. An attacker could exploit this flaw in order to steal the user’s iTunes credentials. (CVE-2009-0143)");

Binary data 4958.prm
VendorProductVersionCPE
appleitunescpe:/a:apple:itunes

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.247 Low

EPSS

Percentile

96.7%