Lucene search

MitreCVE-2009-0162

HistoryMay 13, 2009 - 3:30 p.m.

CVE-2009-0162

2009-05-1315:30:00

CWE-79

mitre

web.nvd.nist.gov

cve-2009-0162

xss

safari

mac os x

windows

remote attack

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

High

EPSS

0.008

Percentile

81.2%

JSON

Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL.

Affected configurations

Nvd

Node

applemac_os_xMatch10.5.0

applemac_os_xMatch10.5.1

applemac_os_xMatch10.5.2

applemac_os_xMatch10.5.3

applemac_os_xMatch10.5.4

applemac_os_xMatch10.5.5

applemac_os_xMatch10.5.6

applemac_os_x_serverMatch10.5.0

applemac_os_x_serverMatch10.5.1

applemac_os_x_serverMatch10.5.2

applemac_os_x_serverMatch10.5.3

applemac_os_x_serverMatch10.5.4

applemac_os_x_serverMatch10.5.6

microsoftwindows_vista

microsoftwindows_xp

AND

applesafariRange≤3.2.2

applesafariMatch0.8

applesafariMatch0.9

applesafariMatch1.0

applesafariMatch1.0beta

applesafariMatch1.0beta2

applesafariMatch1.0.0

applesafariMatch1.0.0b1

applesafariMatch1.0.0b2

applesafariMatch1.0.1

applesafariMatch1.0.2

applesafariMatch1.0.3

applesafariMatch1.0.385.8

applesafariMatch1.0.385.8.1

applesafariMatch1.1

applesafariMatch1.1.0

applesafariMatch1.1.1

applesafariMatch1.2

applesafariMatch1.2.0

applesafariMatch1.2.1

applesafariMatch1.2.2

applesafariMatch1.2.3

applesafariMatch1.2.4

applesafariMatch1.2.5

applesafariMatch1.3

applesafariMatch1.3.0

applesafariMatch1.3.1

applesafariMatch1.3.2

applesafariMatch1.3.2312.5

applesafariMatch1.3.2312.6

applesafariMatch2

applesafariMatch2.0

applesafariMatch2.0.0

applesafariMatch2.0.1

applesafariMatch2.0.2

applesafariMatch2.0.3

applesafariMatch2.0.3417.8

applesafariMatch2.0.3417.9

applesafariMatch2.0.3417.9.2

applesafariMatch2.0.4

applesafariMatch3

applesafariMatch3.0

applesafariMatch3.0.0

applesafariMatch3.0.1

applesafariMatch3.0.2

applesafariMatch3.0.3

applesafariMatch3.0.4

applesafariMatch3.1

applesafariMatch3.1.0

applesafariMatch3.1.1

applesafariMatch3.1.2

applesafariMatch3.2

applesafariMatch3.2.0

applesafariMatch3.2.1

applesafariMatch4.0beta

VendorProductVersionCPE
applemac_os_x10.5.0cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*
applemac_os_x10.5.1cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
applemac_os_x10.5.2cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
applemac_os_x10.5.3cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*
applemac_os_x10.5.4cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*
applemac_os_x10.5.5cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*
applemac_os_x10.5.6cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*
applemac_os_x_server10.5.0cpe:2.3:o:apple:mac_os_x_server:10.5.0:*:*:*:*:*:*:*
applemac_os_x_server10.5.1cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*
applemac_os_x_server10.5.2cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	mac_os_x	10.5.0	cpe:2.3:o:apple:mac_os_x:10.5.0:::::::*
apple	mac_os_x	10.5.1	cpe:2.3:o:apple:mac_os_x:10.5.1:::::::*
apple	mac_os_x	10.5.2	cpe:2.3:o:apple:mac_os_x:10.5.2:::::::*
apple	mac_os_x	10.5.3	cpe:2.3:o:apple:mac_os_x:10.5.3:::::::*
apple	mac_os_x	10.5.4	cpe:2.3:o:apple:mac_os_x:10.5.4:::::::*
apple	mac_os_x	10.5.5	cpe:2.3:o:apple:mac_os_x:10.5.5:::::::*
apple	mac_os_x	10.5.6	cpe:2.3:o:apple:mac_os_x:10.5.6:::::::*
apple	mac_os_x_server	10.5.0	cpe:2.3:o:apple:mac_os_x_server:10.5.0:::::::*
apple	mac_os_x_server	10.5.1	cpe:2.3:o:apple:mac_os_x_server:10.5.1:::::::*
apple	mac_os_x_server	10.5.2	cpe:2.3:o:apple:mac_os_x_server:10.5.2:::::::*

Rows per page:

1-10 of 701

References

lists.apple.com/archives/security-announce/2009/May/msg00000.html

lists.apple.com/archives/security-announce/2009/May/msg00001.html

lists.apple.com/archives/security-announce/2009/May/msg00002.html

secunia.com/advisories/35056

secunia.com/advisories/35074

support.apple.com/kb/HT3549

support.apple.com/kb/HT3550

www.securityfocus.com/bid/34925

www.securitytracker.com/id?1022206

www.us-cert.gov/cas/techalerts/TA09-133A.html

www.vupen.com/english/advisories/2009/1297

www.vupen.com/english/advisories/2009/1298

exchange.xforce.ibmcloud.com/vulnerabilities/50476

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

High

EPSS

0.008

Percentile

81.2%

JSON

Related for CVE-2009-0162