Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.MACOSX_SAFARI7_1.NASL
HistorySep 18, 2014 - 12:00 a.m.

Mac OS X : Apple Safari < 6.2 / 7.1 Multiple Vulnerabilities

2014-09-1800:00:00
This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25
JSON

The version of Apple Safari installed on the remote Mac OS X host is a version prior to 6.2 or 7.1. It is, therefore, affected by the following vulnerabilities :

  • An error exists related to saved passwords and the incorrect automatic filling of HTML forms. A remote attacker can exploit this to obtain sensitive information. (CVE-2014-4363)

  • Multiple memory corruption errors exist related to the included version of WebKit that can allow application crashes or arbitrary code execution.
    (CVE-2013-6663, CVE-2014-4410, CVE-2014-4411, CVE-2014-4412, CVE-2014-4413, CVE-2014-4414, CVE-2014-4415)

  • An error exists related to HTML5 application cache data handling and the included version of WebKit that allows the disclosure of sensitive information from private browsing sessions. (CVE-2014-4409)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(77747);
  script_version("1.9");
  script_cvs_date("Date: 2019/11/25");

  script_cve_id(
    "CVE-2013-6663",
    "CVE-2014-4363",
    "CVE-2014-4409",
    "CVE-2014-4410",
    "CVE-2014-4411",
    "CVE-2014-4412",
    "CVE-2014-4413",
    "CVE-2014-4414",
    "CVE-2014-4415"
  );
  script_bugtraq_id(
    69881,
    69909,
    69937,
    69966,
    69970,
    69973,
    69974,
    69975,
    69976,
    69984
  );
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2014-09-17-4");

  script_name(english:"Mac OS X : Apple Safari < 6.2 / 7.1 Multiple Vulnerabilities");
  script_summary(english:"Checks the Safari version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains a web browser that is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Apple Safari installed on the remote Mac OS X host is a
version prior to 6.2 or 7.1. It is, therefore, affected by the
following vulnerabilities :

  - An error exists related to saved passwords and the
    incorrect automatic filling of HTML forms. A remote
    attacker can exploit this to obtain sensitive
    information. (CVE-2014-4363)

  - Multiple memory corruption errors exist related to
    the included version of WebKit that can allow
    application crashes or arbitrary code execution.
    (CVE-2013-6663, CVE-2014-4410, CVE-2014-4411,
    CVE-2014-4412, CVE-2014-4413, CVE-2014-4414,
    CVE-2014-4415)

  - An error exists related to HTML5 application cache
    data handling and the included version of WebKit that
    allows the disclosure of sensitive information from
    private browsing sessions. (CVE-2014-4409)");
  script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT6440");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Apple Safari 6.2 / 7.1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-6663");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/09/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_Safari31.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "MacOSX/Safari/Installed");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
os = get_kb_item("Host/MacOSX/Version");
if (!os) audit(AUDIT_OS_NOT, "Mac OS X");

if (!ereg(pattern:"Mac OS X 10\.[89]([^0-9]|$)", string:os)) audit(AUDIT_OS_NOT, "Mac OS X 10.8 / 10.9");

get_kb_item_or_exit("MacOSX/Safari/Installed");
path = get_kb_item_or_exit("MacOSX/Safari/Path", exit_code:1);
version = get_kb_item_or_exit("MacOSX/Safari/Version", exit_code:1);

if ("10.8" >< os) fixed_version = "6.2";
else fixed_version = "7.1";

if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Path              : ' + path +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : ' + fixed_version + '\n';
    security_hole(port:0, extra:report);
  }
  else security_hole(0);
}
else audit(AUDIT_INST_PATH_NOT_VULN, "Safari", version, path);
VendorProductVersionCPE
applesafaricpe:/a:apple:safari

Related

securityvulns 10
nessus 12
gentoo 2
prion 9
ubuntucve 7
cve 9
debiancve 1
jvn 1
threatpost 1
freebsd 1
openvas 7
seebug 1
chrome 1
mageia 1
debian 2
osv 1
securityvulns
securityvulns
APPLE-SA-2014-09-17-4 Safari 6.2 and Safari 7.1
2014-09-21 00:00:00
Apple Safari / Webkit multiple security vulnerabilities
2014-09-21 00:00:00
Apple TV multiple security vulnerabilities
2014-09-21 00:00:00
nessus
nessus
Safari < 6.2 / 7.1 Multiple Vulnerabilities
2014-09-19 00:00:00
GLSA-201612-41 : WebKitGTK+: Multiple vulnerabilities
2016-12-14 00:00:00
Apple TV < 7 Multiple Vulnerabilities
2014-09-24 00:00:00
gentoo
gentoo
WebKitGTK+: Multiple vulnerabilities
2016-12-13 00:00:00
Chromium, V8: Multiple vulnerabilities
2014-03-05 00:00:00
prion
prion
Memory corruption
2014-09-18 10:55:00
Memory corruption
2014-09-18 10:55:00
Design/Logic Flaw
2014-03-05 05:11:00
ubuntucve
ubuntucve
CVE-2014-4413
2014-09-18 00:00:00
CVE-2013-6663
2014-03-05 00:00:00
CVE-2014-4410
2014-09-18 00:00:00
cve
cve
CVE-2014-4413
2014-09-18 10:55:00
CVE-2014-4414
2014-09-18 10:55:00
CVE-2014-4363
2014-09-18 10:55:00
debiancve
debiancve
CVE-2013-6663
2014-03-05 05:11:00
jvn
jvn
JVN#45442753: Safari issue in handling application cache
2014-09-25 00:00:00
threatpost
threatpost
Google Fixes Nearly 20 Bugs in Chrome 33
2014-03-04 10:55:03
freebsd
freebsd
chromium -- multiple vulnerabilities
2014-03-03 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0121)
2022-01-28 00:00:00
Google Chrome Multiple Vulnerabilities-01 (Mar 2014) - Linux
2014-03-13 00:00:00
Google Chrome Multiple Vulnerabilities-01 (Mar 2014) - Mac OS X
2014-03-13 00:00:00
seebug
seebug
Google Chrome 33.0.1750.146之前版本多个安全漏洞
2014-03-05 00:00:00
chrome
chrome
Stable Channel Update
2014-03-03 00:00:00
mageia
mageia
Updated chromium-browser-stable package fixes security vulnerabilities
2014-03-07 01:52:06
debian
debian
[SECURITY] [DSA 2883-1] chromium-browser security update
2014-03-24 01:02:38
[SECURITY] [DSA 2883-1] chromium-browser security update
2014-03-24 01:02:13
osv
osv
chromium-browser - security update
2014-03-23 00:00:00
JSON
Related for MACOSX_SAFARI7_1.NASL
securityvulns10nessus12gentoo2prion9ubuntucve7cve9debiancve1jvn1threatpost1freebsd1openvas7seebug1chrome1mageia1debian2osv1