Copyright (C) 2018 Greenbone AGOPENVAS:1361412562310814020Apple Safari Security Updates (HT209109)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.7 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
54.5%
Apple Safari is prone to multiple vulnerabilities.
# SPDX-FileCopyrightText: 2018 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:apple:safari";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.814020");
script_version("2024-02-09T14:47:30+0000");
script_cve_id("CVE-2018-4307", "CVE-2018-4329", "CVE-2018-4195");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_tag(name:"last_modification", value:"2024-02-09 14:47:30 +0000 (Fri, 09 Feb 2024)");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2019-04-08 01:36:00 +0000 (Mon, 08 Apr 2019)");
script_tag(name:"creation_date", value:"2018-09-18 10:35:42 +0530 (Tue, 18 Sep 2018)");
script_name("Apple Safari Security Updates (HT209109)");
script_tag(name:"summary", value:"Apple Safari is prone to multiple vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is
present on the target host.");
script_tag(name:"insight", value:"Multiple flaws are due to:
- A logic issue due to improper state management.
- Clearing a history item may not clear visits with redirect chains.
- An inconsistent user interface issue.");
script_tag(name:"impact", value:"Successful exploitation allows attackers
to conduct user interface spoofing, exfiltrate autofilled data in Safari
and bypass security restrictions.");
script_tag(name:"affected", value:"Apple Safari versions before 12");
script_tag(name:"solution", value:"Upgrade to Apple Safari 12 or later. Please see the references for more information.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"executable_version");
script_xref(name:"URL", value:"https://support.apple.com/en-us/HT209109");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2018 Greenbone AG");
script_family("General");
script_dependencies("macosx_safari_detect.nasl");
script_mandatory_keys("AppleSafari/MacOSX/Version");
exit(0);
}
include("version_func.inc");
include("host_details.inc");
if(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))
exit(0);
safVer = infos['version'];
safPath = infos['location'];
if(version_is_less(version:safVer, test_version:"12")) {
report = report_fixed_ver(installed_version:safVer, fixed_version:"12", install_path:safPath);
security_message(data:report);
exit(0);
}
exit(99);
References
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.7 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
54.5%