Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2015 Greenbone AGOPENVAS:1361412562310805989
HistoryOct 13, 2015 - 12:00 a.m.

Apple Safari Multiple Vulnerabilities-01 (Oct 2015) - Mac OS X

2015-10-1300:00:00
Copyright (C) 2015 Greenbone AG
plugins.openvas.org
10

8.6 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

82.1%

JSON

Apple Safari is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:apple:safari";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.805989");
  script_version("2024-02-09T05:06:25+0000");
  script_cve_id("CVE-2015-5764", "CVE-2015-5765", "CVE-2015-5767", "CVE-2015-5780",
                "CVE-2015-5788", "CVE-2015-5789", "CVE-2015-5790", "CVE-2015-5791",
                "CVE-2015-5792", "CVE-2015-5793", "CVE-2015-5794", "CVE-2015-5795",
                "CVE-2015-5796", "CVE-2015-5797", "CVE-2015-5798", "CVE-2015-5799",
                "CVE-2015-5800", "CVE-2015-5801", "CVE-2015-5802", "CVE-2015-5803",
                "CVE-2015-5804", "CVE-2015-5805", "CVE-2015-5806", "CVE-2015-5807",
                "CVE-2015-5808", "CVE-2015-5809", "CVE-2015-5810", "CVE-2015-5811",
                "CVE-2015-5812", "CVE-2015-5813", "CVE-2015-5814", "CVE-2015-5815",
                "CVE-2015-5816", "CVE-2015-5817", "CVE-2015-5818", "CVE-2015-5819",
                "CVE-2015-5821", "CVE-2015-5822", "CVE-2015-5823", "CVE-2015-3801",
                "CVE-2015-5825", "CVE-2015-5820", "CVE-2015-5826", "CVE-2015-5827",
                "CVE-2015-5828");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-02-09 05:06:25 +0000 (Fri, 09 Feb 2024)");
  script_tag(name:"creation_date", value:"2015-10-13 13:40:06 +0530 (Tue, 13 Oct 2015)");
  script_name("Apple Safari Multiple Vulnerabilities-01 (Oct 2015) - Mac OS X");

  script_tag(name:"summary", value:"Apple Safari is prone to multiple vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Multiple flaws exist as,

  - Multiple user interface inconsistencies exists which can allow a malicious
    website to display an arbitrary URL.

  - A validated, user-installed Safari extension could be replaced on disk
    without prompting the user.

  - A race condition existed in validation of image origins.

  - Multiple memory corruption issues existed in WebKit.

  - WebKit would accept multiple cookies to be set in the 'document.cookie' API.

  - WebKit's Performance API could have allowed a malicious website to leak
    browsing history, network activity, and mouse movements by measuring time.

  - An issue existed in handling of tel://, facetime://, and facetime-audio:// URLs.

  - Safari allowed cross-origin stylesheets to be loaded with non-CSS MIME types
    which could be used for cross-origin data exfiltration.

  - An object leak issue broke the isolation boundary between origins.

  - The Safari plugins API did not communicate to plugins that a server-side
    redirect had happened.");

  script_tag(name:"impact", value:"Successful exploitation will allow remote
  attackers to conduct spoofing attacks, replace genuine extensions, bypass security
  restrictions, conduct denial-of-service attack, arbitrary code execution, gain
  access to sensitive information or url redirection.");

  script_tag(name:"affected", value:"Apple Safari versions before 9.0");

  script_tag(name:"solution", value:"Upgrade to Apple Safari version 9.0 or later.");

  script_tag(name:"solution_type", value:"VendorFix");

  script_tag(name:"qod_type", value:"executable_version");

  script_xref(name:"URL", value:"https://support.apple.com/en-us/HT205265");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/76764");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/76766");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/76763");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/76765");
  script_xref(name:"URL", value:"http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2015 Greenbone AG");
  script_family("General");
  script_dependencies("macosx_safari_detect.nasl");
  script_mandatory_keys("AppleSafari/MacOSX/Version");
  exit(0);
}

include("version_func.inc");
include("host_details.inc");

if(!safVer = get_app_version(cpe:CPE)){
  exit(0);
}

if(version_is_less(version:safVer, test_version:"9.0"))
{
  report = 'Installed version: ' + safVer + '\n' +
           'Fixed version:     ' + "9.0" + '\n';
  security_message(data:report);
  exit(0);
}

Related

nessus 14
securityvulns 6
openvas 7
kaspersky 1
prion 45
cve 45
fedora 6
mageia 2
ubuntucve 41
intothesymmetry 1
ubuntu 1
nessus
nessus
Mac OS X : Apple Safari < 9.0 Multiple Vulnerabilities
2015-10-02 00:00:00
Apple iTunes < 12.3 Multiple Vulnerabilities (credentialed check)
2015-09-18 00:00:00
Apple iTunes < 12.3 Multiple Vulnerabilities (uncredentialed check)
2015-10-26 00:00:00
securityvulns
securityvulns
APPLE-SA-2015-09-30-2 Safari 9
2015-10-05 00:00:00
Apple Safari / Webkit multiple security vulnerabilities
2015-10-25 00:00:00
APPLE-SA-2015-09-16-3 iTunes 12.3
2015-10-05 00:00:00
openvas
openvas
Apple iTunes Multiple Vulnerabilities (Sep 2015) - Windows
2015-10-01 00:00:00
Mageia: Security Advisory (MGASA-2016-0116)
2016-03-31 00:00:00
Fedora Update for webkitgtk FEDORA-2016-9
2016-04-11 00:00:00
kaspersky
kaspersky
KLA10669 Multiple vulnerabilities in Apple iTunes
2015-09-16 00:00:00
prion
prion
Design/Logic Flaw
2015-09-18 10:59:00
Design/Logic Flaw
2015-09-18 10:59:00
Design/Logic Flaw
2015-09-18 10:59:00
cve
cve
CVE-2015-5764
2015-09-18 10:59:00
CVE-2015-5767
2015-09-18 10:59:00
CVE-2015-5765
2015-09-18 10:59:00
fedora
fedora
[SECURITY] Fedora 22 Update: webkitgtk4-2.10.4-1.fc22
2016-02-01 06:38:54
[SECURITY] Fedora 24 Update: webkitgtk-2.4.10-1.fc24
2016-03-27 00:38:11
[SECURITY] Fedora 23 Update: webkitgtk-2.4.10-1.fc23
2016-03-22 19:55:11
mageia
mageia
Updated webkit2 packages fix security vulnerability
2016-03-25 09:38:37
Updated webkit packages fix security vulnerability
2016-03-25 09:38:37
ubuntucve
ubuntucve
CVE-2015-5808
2015-09-18 00:00:00
CVE-2015-5810
2015-09-18 00:00:00
CVE-2015-5796
2015-09-18 00:00:00
intothesymmetry
intothesymmetry
Apple Safari URI spoofing (CVE-2015-5764)
2015-09-30 19:12:00
ubuntu
ubuntu
WebKitGTK+ vulnerabilities
2016-03-21 00:00:00

8.6 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

82.1%

JSON
Related for OPENVAS:1361412562310805989
nessus14securityvulns6openvas7kaspersky1prion45cve45fedora6mageia2ubuntucve41intothesymmetry1ubuntu1