Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2009 Greenbone AGOPENVAS:1361412562310800656
HistoryJul 12, 2009 - 12:00 a.m.

Apple Safari Denial Of Service Vulnerability (Jul 2009)

2009-07-1200:00:00
Copyright (C) 2009 Greenbone AG
plugins.openvas.org
8

6.2 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.7%

JSON

Apple Safari web browser is prone to a denial of service (DoS) vulnerability.

# SPDX-FileCopyrightText: 2009 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:apple:safari";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.800656");
  script_version("2024-02-19T05:05:57+0000");
  script_tag(name:"last_modification", value:"2024-02-19 05:05:57 +0000 (Mon, 19 Feb 2024)");
  script_tag(name:"creation_date", value:"2009-07-12 15:16:55 +0200 (Sun, 12 Jul 2009)");
  script_tag(name:"cvss_base", value:"5.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:N/A:P");
  script_cve_id("CVE-2009-2420", "CVE-2009-2421");
  script_name("Apple Safari Denial Of Service Vulnerability (Jul 2009)");
  script_xref(name:"URL", value:"http://www.securityfocus.com/archive/1/504479");

  script_category(ACT_GATHER_INFO);
  script_tag(name:"qod_type", value:"registry");
  script_copyright("Copyright (C) 2009 Greenbone AG");
  script_family("Denial of Service");
  script_dependencies("secpod_apple_safari_detect_win_900003.nasl");
  script_mandatory_keys("AppleSafari/Version");

  script_tag(name:"affected", value:"Apple Safari 3.2.3 on Windows.");

  script_tag(name:"insight", value:"The flaws are due to

  - Error in 'CFCharacterSetInitInlineBuffer' method in CoreFoundation.dll
  when processing high-bit character in a URL fragment for an unspecified protocol.

  - Error in implementing the file 'protocol handler' when processing vectors
  involving an unspecified HTML tag.");

  script_tag(name:"solution", value:"No known solution was made available for at least one year since the disclosure
  of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer
  release, disable respective features, remove the product or replace the product by another one.");

  script_tag(name:"summary", value:"Apple Safari web browser is prone to a denial of service (DoS) vulnerability.");

  script_tag(name:"impact", value:"Successful exploitation allows attackers to execute arbitrary
  code or can even crash the browser.");

  script_tag(name:"solution_type", value:"WillNotFix");
  exit(0);
}

include("version_func.inc");
include("host_details.inc");

if(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))
  exit(0);

vers = infos["version"];
path = infos["location"];

if(version_is_less_equal(version:vers, test_version:"3.525.29.0")) {
  report = report_fixed_ver(installed_version:vers, fixed_version:"None", install_path:path);
  security_message(port:0, data:report);
  exit(0);
}

exit(99);

Related

openvas 1
cve 2
cvelist 2
prion 2
nessus 2
openvas
openvas
Apple Safari Denial Of Service Vulnerability - Jul09
2009-07-12 00:00:00
cve
cve
CVE-2009-2420
2009-07-09 16:30:00
CVE-2009-2421
2009-07-09 16:30:00
cvelist
cvelist
CVE-2009-2421
2009-07-09 16:00:00
CVE-2009-2420
2009-07-09 16:00:00
prion
prion
Null pointer dereference
2009-07-09 16:30:00
Design/Logic Flaw
2009-07-09 16:30:00
nessus
nessus
Mac OS X : Apple Safari < 4.0
2009-06-09 00:00:00
Safari < 4.0 Multiple Vulnerabilities
2009-06-09 00:00:00

6.2 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.7%

JSON
Related for OPENVAS:1361412562310800656
openvas1cve2cvelist2prion2nessus2