Lucene search
Copyright (C) 2015 Greenbone AGOPENVAS:1361412562310805613HistoryMay 11, 2015 - 12:00 a.m.
Apple Safari Multiple Vulnerabilities -01 (May 2015) - Mac OS X
2015-05-1100:00:00
Copyright (C) 2015 Greenbone AG
plugins.openvas.org
11
8.4 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.013 Low
EPSS
Percentile
85.5%
Apple Safari is prone to multiple vulnerabilities.
# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:apple:safari";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.805613");
script_version("2024-02-09T05:06:25+0000");
script_cve_id("CVE-2015-1156", "CVE-2015-1155", "CVE-2015-1154", "CVE-2015-1153",
"CVE-2015-1152");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_tag(name:"last_modification", value:"2024-02-09 05:06:25 +0000 (Fri, 09 Feb 2024)");
script_tag(name:"creation_date", value:"2015-05-11 14:59:28 +0530 (Mon, 11 May 2015)");
script_tag(name:"qod_type", value:"executable_version");
script_name("Apple Safari Multiple Vulnerabilities -01 (May 2015) - Mac OS X");
script_tag(name:"summary", value:"Apple Safari is prone to multiple vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Multiple flaws are due to:
- A flaw in WebKit in the handling of rel attributes in anchor elements which
is triggered when clicking a link to visit a specially crafted web page.
- A state management flaw in WebKit that is triggered as user-supplied input
is not properly validated.
- multiple flaws in WebKit that are triggered as user-supplied input is not
properly validated.");
script_tag(name:"impact", value:"Successful exploitation will allow
context-dependent attacker can potentially execute arbitrary code, can gain
access to potentially sensitive user information from the file system, to
spoof the user interface.");
script_tag(name:"affected", value:"Apple Safari versions before 6.2.6, 7.x
before 7.1.6 and 8.x before 8.0.6");
script_tag(name:"solution", value:"Upgrade to Apple Safari version 6.2.6 or
7.1.6 or 8.0.6 or later.");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"https://support.apple.com/HT204826");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74527");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74526");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74525");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74524");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74523");
script_xref(name:"URL", value:"http://lists.apple.com/archives/security-announce/2015/May/msg00000.html");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2015 Greenbone AG");
script_family("General");
script_dependencies("macosx_safari_detect.nasl");
script_mandatory_keys("AppleSafari/MacOSX/Version");
exit(0);
}
include("version_func.inc");
include("host_details.inc");
if(!safVer = get_app_version(cpe:CPE)){
exit(0);
}
if(version_is_less(version:safVer, test_version:"6.2.6"))
{
fix = "6.2.6";
VULN = TRUE;
}
if(version_in_range(version:safVer, test_version:"7.0", test_version2:"7.1.5"))
{
fix = "7.1.6";
VULN = TRUE;
}
if(version_in_range(version:safVer, test_version:"8.0", test_version2:"8.0.5"))
{
fix = "8.0.6";
VULN = TRUE;
}
if(VULN)
{
report = 'Installed version: ' + safVer + '\n' +
'Fixed version: ' + fix + '\n';
security_message(data:report);
exit(0);
}
Related
kaspersky
kaspersky
KLA10573 Multiple vulnerabilities in Apple Safari
2015-05-07 00:00:00
KLA10620 Multiple vulnerabilities in Apple iTunes
2015-06-30 00:00:00
KLA10669 Multiple vulnerabilities in Apple iTunes
2015-09-16 00:00:00
nessus
nessus
Safari < 6.2.6 / 7.1.6 / 8.0.6 Multiple Vulnerabilities
2015-09-17 00:00:00
Mac OS X : Apple Safari < 6.2.6 / 7.1.6 / 8.0.6 Multiple Vulnerabilities
2015-05-08 00:00:00
Apple iTunes < 12.2 Multiple Vulnerabilities (credentialed check)
2015-07-03 00:00:00
securityvulns
securityvulns
APPLE-SA-2015-05-06-1 Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6
2015-05-10 00:00:00
Apple Safari / Webkit multiple security vulnerabilities
2015-05-10 00:00:00
Apple iOS multiple security vulnerabilities
2015-07-05 00:00:00
threatpost
threatpost
Apple Fixes WebKit Vulnerabilities in Safari Browser
2015-05-07 10:49:05
prion
prion
Memory corruption
2015-05-08 00:59:00
Memory corruption
2015-05-08 00:59:00
Memory corruption
2015-05-08 00:59:00
cve
cve
ubuntucve
ubuntucve
myhack58
myhack58
zdi
zdi
Apple Safari file:// Redirection Sandbox Escape Vulnerabliity
2015-05-15 00:00:00
ubuntu
ubuntu
WebKitGTK+ vulnerabilities
2016-03-21 00:00:00
openvas
openvas
Fedora Update for webkitgtk FEDORA-2016-5
2016-03-23 00:00:00
Ubuntu: Security Advisory (USN-2937-1)
2016-03-22 00:00:00
Fedora Update for webkitgtk3 FEDORA-2016-1
2016-03-21 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: webkitgtk3-2.4.10-1.fc23
2016-03-21 01:53:49
[SECURITY] Fedora 24 Update: webkitgtk3-2.4.10-1.fc24
2016-03-27 00:38:22
[SECURITY] Fedora 22 Update: webkitgtk-2.4.10-1.fc22
2016-03-29 19:23:05
mageia
mageia
Updated webkit packages fix security vulnerability
2016-03-25 09:38:37
Updated webkit2 packages fix security vulnerability
2016-03-25 09:38:37
8.4 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.013 Low
EPSS
Percentile
85.5%
Related for OPENVAS:1361412562310805613