Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2017 Greenbone AGOPENVAS:1361412562310810724
HistoryMar 30, 2017 - 12:00 a.m.

Apple iTunes Multiple Vulnerabilities (HT207599) - Windows

2017-03-3000:00:00
Copyright (C) 2017 Greenbone AG
plugins.openvas.org
9

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.08 Low

EPSS

Percentile

94.2%

JSON

Apple iTunes is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2017 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:apple:itunes";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.810724");
  script_version("2024-02-16T14:37:06+0000");
  script_cve_id("CVE-2009-3270", "CVE-2009-3560", "CVE-2009-3720", "CVE-2012-1147",
                "CVE-2012-1148", "CVE-2012-6702", "CVE-2013-7443", "CVE-2015-1283",
                "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-3717",
                "CVE-2015-6607", "CVE-2016-0718", "CVE-2016-4472", "CVE-2016-5300",
                "CVE-2016-6153", "CVE-2017-2383", "CVE-2017-2463", "CVE-2017-2479",
                "CVE-2017-2480", "CVE-2017-5029");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_tag(name:"last_modification", value:"2024-02-16 14:37:06 +0000 (Fri, 16 Feb 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2022-06-27 17:05:00 +0000 (Mon, 27 Jun 2022)");
  script_tag(name:"creation_date", value:"2017-03-30 17:37:29 +0530 (Thu, 30 Mar 2017)");
  script_name("Apple iTunes Multiple Vulnerabilities (HT207599) - Windows");

  script_tag(name:"summary", value:"Apple iTunes is prone to multiple vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Multiple flaws are due to:

  - a client certificate was sent in plaintext. This issue was addressed
    through improved certificate handling.

  - multiple issues existed in SQLite

  - multiple issues existed in expat

  - multiple memory corruption issues were addressed through
  improved memory handling

  - processing maliciously crafted web content may lead to arbitrary
  code execution

  - processing maliciously crafted web content may exfiltrate data
  cross-origin");

  script_tag(name:"impact", value:"Successful exploitation will allow remote
  attackers to execute arbitrary code, cause unexpected application termination
  and disclose sensitive information.");

  script_tag(name:"affected", value:"Apple iTunes versions before 12.6 on Windows.");

  script_tag(name:"solution", value:"Upgrade to Apple iTunes 12.6.4 or later.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"registry");
  script_xref(name:"URL", value:"https://support.apple.com/en-us/HT207599");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74228");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2017 Greenbone AG");
  script_family("General");
  script_dependencies("secpod_apple_itunes_detection_win_900123.nasl");
  script_mandatory_keys("iTunes/Win/Installed");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))
  exit(0);

vers = infos["version"];
path = infos["location"];

if(version_is_less(version:vers, test_version:"12.6")) {
  report = report_fixed_ver(installed_version:vers, fixed_version:"12.6", install_path:path);
  security_message(port:0, data:report);
  exit(0);
}

exit(99);

Related

openvas 64
nessus 58
apple 6
ubuntu 3
ibm 18
ubuntucve 2
fedora 6
slackware 1
gentoo 3
osv 5
centos 2
securityvulns 2
oraclelinux 2
kaspersky 1
debian 7
freebsd 2
redhat 2
amazon 1
f5 3
cloudfoundry 1
suse 4
archlinux 4
mageia 1
prion 1
openvas
openvas
Apple iTunes Multiple Vulnerabilities (HT207598) - Mac OS X
2017-03-30 00:00:00
Ubuntu: Security Advisory (USN-3013-1)
2016-06-21 00:00:00
Ubuntu: Security Advisory (USN-2698-1)
2015-07-31 00:00:00
nessus
nessus
Apple iTunes < 12.6 Multiple Vulnerabilities (macOS) (credentialed check)
2017-05-08 00:00:00
Apple iTunes < 12.6 Multiple Vulnerabilities (credentialed check)
2017-05-08 00:00:00
Apple iTunes < 12.6 Multiple Vulnerabilities (uncredentialed check)
2017-05-08 00:00:00
apple
apple
About the security content of iTunes 12.6 - Apple Support
2017-03-22 07:40:40
About the security content of iTunes 12.6
2017-03-21 00:00:00
About the security content of iTunes 12.6 for Windows
2017-03-21 00:00:00
ubuntu
ubuntu
XML-RPC for C and C++ vulnerabilities
2016-06-20 00:00:00
SQLite vulnerabilities
2015-07-30 00:00:00
Expat vulnerabilities
2016-06-20 00:00:00
ibm
ibm
Security Bulletin: Multiple Expat XML Parser vulnerabilities in Prospect
2018-06-17 15:27:43
Security Bulletin: Multiple OpenSource Expat XML Vulnerabilities affect IBM DB2 Net Search Extender for Linux, Unix and Windows
2018-06-16 13:43:54
Security Bulletin: Multiple Security Vulnerabilities in Expat affect IBM Netezza Analytics
2019-10-18 03:10:29
ubuntucve
ubuntucve
CVE-2015-6607
2015-10-06 00:00:00
CVE-2016-5300
2016-06-06 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: expat-2.1.1-2.fc23
2016-06-19 07:27:54
[SECURITY] Fedora 22 Update: expat-2.1.1-2.fc22
2016-07-12 02:27:38
[SECURITY] Fedora 24 Update: expat-2.1.1-2.fc24
2016-06-21 19:27:49
slackware
slackware
[slackware-security] expat
2016-12-24 19:24:21
gentoo
gentoo
Expat: Multiple vulnerabilities
2017-01-11 00:00:00
SQLite: Multiple vulnerabilities
2015-07-07 00:00:00
Expat: Multiple vulnerabilities
2012-09-24 00:00:00
osv
osv
sqlite3 - security update
2015-05-06 00:00:00
expat - security update
2016-05-19 00:00:00
expat - security update
2016-06-07 00:00:00
centos
centos
lemon, sqlite security update
2015-08-17 16:54:44
expat security update
2009-12-07 23:34:29
securityvulns
securityvulns
[ MDVSA-2015:217 ] sqlite3
2015-05-05 00:00:00
SQLite multiple security vulnerabilities
2015-05-05 00:00:00
oraclelinux
oraclelinux
sqlite security update
2015-08-17 00:00:00
expat security update
2009-12-07 00:00:00
kaspersky
kaspersky
KLA10565 Denial of service vulnerabilities in SQLite
2015-04-24 00:00:00
debian
debian
[SECURITY] [DSA 3252-1] sqlite3 security update
2015-05-06 20:22:58
[SECURITY] [DSA 3582-1] expat security update
2016-05-18 05:18:57
[SECURITY] [DSA 3582-1] expat security update
2016-05-18 05:18:57
freebsd
freebsd
sqlite -- multiple vulnerabilities
2015-04-14 00:00:00
expat -- multiple vulnerabilities
2016-03-18 00:00:00
redhat
redhat
(RHSA-2015:1635) Moderate: sqlite security update
2015-08-17 00:00:00
(RHSA-2009:1625) Moderate: expat security update
2009-12-07 00:00:00
amazon
amazon
Medium: sqlite
2015-09-02 12:00:00
f5
f5
K37236006 : SQLite vulnerabilities CVE-2015-3414 and CVE-2015-3415
2016-06-07 00:00:00
SOL37236006 - SQLite vulnerabilities CVE-2015-3414 and CVE-2015-3415
2016-06-07 00:00:00
SOL22232964 - Expat XML library vulnerability CVE-2016-4472
2016-10-21 00:00:00
cloudfoundry
cloudfoundry
USN-3010-1 Expat vulnerabilities | Cloud Foundry
2016-07-13 00:00:00
suse
suse
Security update for expat (important)
2016-06-07 13:08:02
Security update for expat (important)
2016-06-08 12:07:50
Security update for expat (important)
2016-05-30 14:09:21
archlinux
archlinux
expat: arbitrary code execution
2016-05-18 00:00:00
lib32-expat: arbitrary code execution
2016-05-18 00:00:00
expat: multiple issues
2016-06-13 00:00:00
mageia
mageia
Updated expat packages fix security vulnerabilities
2016-06-17 08:58:14
prion
prion
Buffer overflow
2009-12-04 21:30:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.08 Low

EPSS

Percentile

94.2%

JSON
Related for OPENVAS:1361412562310810724
openvas64nessus58apple6ubuntu3ibm18ubuntucve2fedora6slackware1gentoo3osv5centos2securityvulns2oraclelinux2kaspersky1debian7freebsd2redhat2amazon1f53cloudfoundry1suse4archlinux4mageia1prion1