Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2017 Greenbone AGOPENVAS:1361412562310810727
HistoryMar 31, 2017 - 12:00 a.m.

Apple Safari Multiple Vulnerabilities (HT207600)

2017-03-3100:00:00
Copyright (C) 2017 Greenbone AG
plugins.openvas.org
25

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.238 Low

EPSS

Percentile

96.5%

JSON

Apple Safari is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2017 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:apple:safari";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.810727");
  script_version("2024-02-16T14:37:06+0000");
  script_cve_id("CVE-2016-9642", "CVE-2016-9643", "CVE-2017-2364", "CVE-2017-2367",
                "CVE-2017-2377", "CVE-2017-2378", "CVE-2017-2385", "CVE-2017-2386",
                "CVE-2017-2389", "CVE-2017-2394", "CVE-2017-2395", "CVE-2017-2396",
                "CVE-2017-2405", "CVE-2017-2415", "CVE-2017-2419", "CVE-2017-2424",
                "CVE-2017-2433", "CVE-2017-2442", "CVE-2017-2445", "CVE-2017-2446",
                "CVE-2017-2447", "CVE-2017-2453", "CVE-2017-2454", "CVE-2017-2455",
                "CVE-2017-2459", "CVE-2017-2460", "CVE-2017-2463", "CVE-2017-2464",
                "CVE-2017-2465", "CVE-2017-2466", "CVE-2017-2468", "CVE-2017-2469",
                "CVE-2017-2470", "CVE-2017-2471", "CVE-2017-2475", "CVE-2017-2476",
                "CVE-2017-2479", "CVE-2017-2480", "CVE-2017-2481", "CVE-2017-7071");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_tag(name:"last_modification", value:"2024-02-16 14:37:06 +0000 (Fri, 16 Feb 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2017-07-12 01:29:00 +0000 (Wed, 12 Jul 2017)");
  script_tag(name:"creation_date", value:"2017-03-31 16:41:59 +0530 (Fri, 31 Mar 2017)");
  script_name("Apple Safari Multiple Vulnerabilities (HT207600)");

  script_tag(name:"summary", value:"Apple Safari is prone to multiple vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Multiple flaws exist due to:

  - Multiple memory corruption issues,

  - A state management issue,

  - A spoofing and denial-of-service issue existed in the handling
    of HTTP authentication,

  - A spoofing issue existed in the handling of FaceTime prompts,

  - A keychain handling issue in keychain item management,

  - A prototype access issue in exception handling,

  - Multiple memory corruption issues in input validation,

  - Multiple memory corruption issues in memory handling,

  - A type confusion issue in memory handling,

  - An access issue existed in Content Security Policy,

  - An uncontrolled resource consumption issue in regex processing,

  - An information disclosure issue existed in the processing of OpenGL shaders,

  - A memory corruption issue in input validation,

  - Multiple validation issues existed in the handling of page loading,

  - A validation issue existed in the handling of page loading,

  - A logic issue existed in the handling of frame objects,

  - A logic issue existed in the handling of strict mode functions.");

  script_tag(name:"impact", value:"Successful exploitation will allow remote
  attackers to disclose sensitive information and can also lead to arbitrary
  code execution.");

  script_tag(name:"affected", value:"Apple Safari versions before 10.1");

  script_tag(name:"solution", value:"Upgrade to Apple Safari 10.1 or later.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"executable_version");
  script_xref(name:"URL", value:"https://support.apple.com/en-us/HT207600");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/94554");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/94559");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/95725");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/97130");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/97129");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/97136");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/97143");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/97176");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/97133");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/100613");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2017 Greenbone AG");
  script_family("General");
  script_dependencies("macosx_safari_detect.nasl");
  script_mandatory_keys("AppleSafari/MacOSX/Version");
  exit(0);
}

include("version_func.inc");
include("host_details.inc");

if(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);
safVer = infos['version'];
path = infos['location'];


if(version_is_less(version:safVer, test_version:"10.1"))
{
  report = report_fixed_ver(installed_version:safVer, fixed_version:"10.1", install_path:path);
  security_message(data:report);
  exit(0);
}
exit(0);

Related

openvas 3
nessus 8
archlinux 1
ubuntu 1
mageia 1
apple 8
gentoo 1
prion 34
debiancve 27
ubuntucve 32
cve 35
zdi 4
seebug 16
packetstorm 12
zdt 15
alpinelinux 1
openvas
openvas
Ubuntu: Security Advisory (USN-3257-1)
2017-04-11 00:00:00
Mageia: Security Advisory (MGASA-2017-0109)
2022-01-28 00:00:00
Apple iCloud Multiple Vulnerabilities (HT207607) - Windows
2017-05-16 00:00:00
nessus
nessus
Ubuntu 16.04 LTS : WebKitGTK+ vulnerabilities (USN-3257-1)
2017-04-11 00:00:00
Safari < 10.1 Multiple Vulnerabilities
2017-03-31 00:00:00
macOS : Apple Safari < 10.1 Multiple Vulnerabilities
2017-04-03 00:00:00
archlinux
archlinux
[ASA-201704-9] webkit2gtk: multiple issues
2017-04-28 00:00:00
ubuntu
ubuntu
WebKitGTK+ vulnerabilities
2017-04-10 00:00:00
mageia
mageia
Updated webkit2 packages fix security vulnerability
2017-04-16 09:29:12
apple
apple
About the security content of Safari 10.1
2017-03-27 00:00:00
About the security content of Safari 10.1 - Apple Support
2017-08-29 02:51:42
About the security content of tvOS 10.2 - Apple Support
2017-06-20 10:43:59
gentoo
gentoo
WebKitGTK+: Multiple vulnerabilities
2017-06-07 00:00:00
prion
prion
Design/Logic Flaw
2017-02-03 15:59:00
Code injection
2017-03-07 16:59:00
Memory corruption
2017-04-02 01:59:00
debiancve
debiancve
CVE-2016-9643
2017-03-07 16:59:00
CVE-2016-9642
2017-02-03 15:59:00
CVE-2017-2396
2017-04-02 01:59:00
ubuntucve
ubuntucve
CVE-2016-9642
2017-02-03 00:00:00
CVE-2016-9643
2017-03-07 00:00:00
CVE-2017-2396
2017-04-01 00:00:00
cve
cve
CVE-2016-9643
2017-03-07 16:59:00
CVE-2016-9642
2017-02-03 15:59:00
CVE-2017-2405
2017-04-02 01:59:00
zdi
zdi
Apple Safari HTMLSlotElement Use-After-Free Remote Code Execution Vulnerability
2017-09-05 00:00:00
Apple Safari ElementData Use-After-Free Remote Code Execution Vulnerability
2017-03-28 00:00:00
Apple Safari Node Use-After-Free Remote Code Execution Vulnerability
2017-06-22 00:00:00
seebug
seebug
WebKit: UXSS via a synchronous page load(CVE-2017-2480)
2017-04-07 00:00:00
Apple Webkit: UXSS by accessing a named property from an unloaded window (CVE-2017-2367)
2017-04-04 00:00:00
WebKit: WebCore::toJS use-after-free(CVE-2017-2476)
2017-04-05 00:00:00
packetstorm
packetstorm
WebKit WebCore::toJS Use-After-Free
2017-04-10 00:00:00
WebKit Synchronous Page Load UXSS
2017-04-10 00:00:00
Apple Webkit Named Property UXSS
2017-04-09 00:00:00
zdt
zdt
Apple WebKit / Safari 10.0.3 (12602.4.8) - Synchronous Page Load Universal Cross-Site Scripting Expl
2017-04-12 00:00:00
Apple WebKit - Document::adoptNode Use-After-Free Exploit
2017-04-12 00:00:00
Apple WebKit - FormSubmission::create Use-After-Free Exploit
2017-04-05 00:00:00
alpinelinux
alpinelinux
CVE-2017-2364
2017-02-20 08:59:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.238 Low

EPSS

Percentile

96.5%

JSON
Related for OPENVAS:1361412562310810727
openvas3nessus8archlinux1ubuntu1mageia1apple8gentoo1prion34debiancve27ubuntucve32cve35zdi4seebug16packetstorm12zdt15alpinelinux1