Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2010 Greenbone AGOPENVAS:1361412562310902025
HistoryMar 23, 2010 - 12:00 a.m.

Apple Safari Multiple Vulnerabilities (Mar 2010)

2010-03-2300:00:00
Copyright (C) 2010 Greenbone AG
plugins.openvas.org
11

6.1 Medium

AI Score

Confidence

Low

0.957 High

EPSS

Percentile

99.4%

JSON

Apple Safari is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2010 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:apple:safari";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.902025");
  script_version("2024-02-08T14:36:53+0000");
  script_tag(name:"last_modification", value:"2024-02-08 14:36:53 +0000 (Thu, 08 Feb 2024)");
  script_tag(name:"creation_date", value:"2010-03-23 15:59:14 +0100 (Tue, 23 Mar 2010)");
  script_cve_id("CVE-2010-1029", "CVE-2010-1939");
  script_tag(name:"cvss_base", value:"7.6");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_name("Apple Safari Multiple Vulnerabilities (Mar 2010)");
  script_xref(name:"URL", value:"http://secunia.com/advisories/39670");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/38398");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/39990");
  script_xref(name:"URL", value:"http://xforce.iss.net/xforce/xfdb/56524");
  script_xref(name:"URL", value:"http://xforce.iss.net/xforce/xfdb/56527");
  script_xref(name:"URL", value:"http://www.exploit-db.com/exploits/11567");
  script_xref(name:"URL", value:"http://www.vupen.com/english/advisories/2010/1097");
  script_xref(name:"URL", value:"http://securitytracker.com/alerts/2010/May/1023958.html");

  script_tag(name:"qod_type", value:"registry");
  script_copyright("Copyright (C) 2010 Greenbone AG");
  script_category(ACT_GATHER_INFO);
  script_family("General");
  script_dependencies("secpod_apple_safari_detect_win_900003.nasl");
  script_mandatory_keys("AppleSafari/Version");

  script_tag(name:"impact", value:"Successful exploitation could allow remote attackers to send a
  malformed CSS stylesheet tag containing an overly long string, which leads to
  application crash or possibly execute arbitrary code on the system.");

  script_tag(name:"affected", value:"Apple Safari version 4.0.5 and lower.");

  script_tag(name:"insight", value:"The flaws are caused by,

  - Error in the 'CSSSelector()' function when handling CSS stylesheet tag
   containing an overly long string.

  - Improper bounds checking by the 'WebKit' library when processing CSS
   stylesheet tag containing an overly long string.

  - Use-after-free error when handling of a deleted window object, allows attackers
   to execute arbitrary code by using 'window.open' to create a popup window for
   a crafted HTML document, and then calling the parent window&qts close method.

  - Includes HTTP basic authentication credentials in an HTTP request if a web page
   that requires HTTP basic authentication redirects to a different domain.");

  script_tag(name:"solution", value:"Upgrade to Apple Safari 5.0 or later.");

  script_tag(name:"summary", value:"Apple Safari is prone to multiple vulnerabilities.");

  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("version_func.inc");
include("host_details.inc");

if(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))
  exit(0);

vers = infos["version"];
path = infos["location"];

## Included version 4.0.5 because exploit is working
if(version_is_less_equal(version:vers, test_version:"5.31.22.7")) {
  report = report_fixed_ver(installed_version:vers, fixed_version:"Safari 5.0 (output of installed version differ from actual Safari version)", install_path:path);
  security_message(port:0, data:report);
  exit(0);
}

exit(99);

Related

openvas 1
prion 2
cvelist 2
ubuntucve 1
cve 2
debiancve 2
checkpoint_advisories 3
saint 4
cert 1
nessus 2
openvas
openvas
Apple Saferi multiple vulnerabilities (Mar10)
2010-03-23 00:00:00
prion
prion
Stack overflow
2010-03-19 21:30:00
Design/Logic Flaw
2010-05-13 22:30:00
cvelist
cvelist
CVE-2010-1029
2010-03-19 21:00:00
CVE-2010-1939
2010-05-13 22:00:00
ubuntucve
ubuntucve
CVE-2010-1029
2010-03-19 00:00:00
cve
cve
CVE-2010-1029
2010-03-19 21:30:00
CVE-2010-1939
2010-05-13 22:30:00
debiancve
debiancve
CVE-2010-1029
2010-03-19 21:30:00
CVE-2010-1939
2010-05-13 22:30:00
checkpoint_advisories
checkpoint_advisories
Apple Safari parent.close Code Execution - Ver2 (CVE-2010-1939)
2014-01-07 00:00:00
Apple Safari parent.close Code Execution (CVE-2010-1939)
2010-07-02 00:00:00
Apple Safari Parent.Close User After Free - Ver2 (CVE-2010-1939)
2014-02-03 00:00:00
saint
saint
Apple Safari parent.close() Invalid Pointer Code Execution
2010-05-28 00:00:00
Apple Safari parent.close() Invalid Pointer Code Execution
2010-05-28 00:00:00
Apple Safari parent.close() Invalid Pointer Code Execution
2010-05-28 00:00:00
cert
cert
Apple Safari window object invalid pointer vulnerability
2010-05-10 00:00:00
nessus
nessus
openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)
2014-06-13 00:00:00
openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)
2011-05-05 00:00:00

6.1 Medium

AI Score

Confidence

Low

0.957 High

EPSS

Percentile

99.4%

JSON
Related for OPENVAS:1361412562310902025
openvas1prion2cvelist2ubuntucve1cve2debiancve2checkpoint_advisories3saint4cert1nessus2