Lucene search

AppleCVE-2010-0544

HistoryJun 11, 2010 - 7:30 p.m.

CVE-2010-0544

2010-06-1119:30:12

CWE-79

apple

web.nvd.nist.gov

cve-2010-0544

cross-site scripting

xss

webkit

apple safari

remote attackers

malformed url

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.2

Confidence

High

EPSS

0.003

Percentile

71.3%

JSON

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malformed URL.

Affected configurations

Nvd

Node

applesafariRange≤4.0.5

applesafariMatch4.0

applesafariMatch4.0.0b

applesafariMatch4.0.1

applesafariMatch4.0.2

applesafariMatch4.0.3

applesafariMatch4.0.4

applewebkit

AND

applemac_os_xMatch10.5

applemac_os_xMatch10.5.0

applemac_os_xMatch10.5.1

applemac_os_xMatch10.5.2

applemac_os_xMatch10.5.3

applemac_os_xMatch10.5.4

applemac_os_xMatch10.5.5

applemac_os_xMatch10.5.6

applemac_os_xMatch10.5.7

applemac_os_xMatch10.5.8

applemac_os_xMatch10.6.0

applemac_os_xMatch10.6.1

applemac_os_xMatch10.6.2

applemac_os_xMatch10.6.3

applemac_os_x_serverMatch10.5

applemac_os_x_serverMatch10.5.0

applemac_os_x_serverMatch10.5.1

applemac_os_x_serverMatch10.5.2

applemac_os_x_serverMatch10.5.3

applemac_os_x_serverMatch10.5.4

applemac_os_x_serverMatch10.5.5

applemac_os_x_serverMatch10.5.6

applemac_os_x_serverMatch10.5.7

applemac_os_x_serverMatch10.5.8

applemac_os_x_serverMatch10.6.0

applemac_os_x_serverMatch10.6.1

applemac_os_x_serverMatch10.6.2

applemac_os_x_serverMatch10.6.3

microsoftwindows_7

microsoftwindows_vista

microsoftwindows_xpsp2

microsoftwindows_xpsp3

Node

applesafariRange≤4.0.5

applesafariMatch4.0

applesafariMatch4.0.0b

applesafariMatch4.0.1

applesafariMatch4.0.2

applesafariMatch4.0.3

applesafariMatch4.0.4

applewebkit

AND

applemac_os_xMatch10.4

applemac_os_xMatch10.4.0

applemac_os_xMatch10.4.1

applemac_os_xMatch10.4.2

applemac_os_xMatch10.4.3

applemac_os_xMatch10.4.4

applemac_os_xMatch10.4.5

applemac_os_xMatch10.4.6

applemac_os_xMatch10.4.7

applemac_os_xMatch10.4.8

applemac_os_xMatch10.4.9

applemac_os_xMatch10.4.10

applemac_os_xMatch10.4.11

applemac_os_x_serverMatch10.4

applemac_os_x_serverMatch10.4.0

applemac_os_x_serverMatch10.4.1

applemac_os_x_serverMatch10.4.2

applemac_os_x_serverMatch10.4.3

applemac_os_x_serverMatch10.4.4

applemac_os_x_serverMatch10.4.5

applemac_os_x_serverMatch10.4.6

applemac_os_x_serverMatch10.4.7

applemac_os_x_serverMatch10.4.8

applemac_os_x_serverMatch10.4.9

applemac_os_x_serverMatch10.4.10

applemac_os_x_serverMatch10.4.11

VendorProductVersionCPE
applesafari*cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
applesafari4.0cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*
applesafari4.0.0bcpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*
applesafari4.0.1cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*
applesafari4.0.2cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*
applesafari4.0.3cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*
applesafari4.0.4cpe:2.3:a:apple:safari:4.0.4:*:*:*:*:*:*:*
applewebkit*cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*
applemac_os_x10.5cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
applemac_os_x10.5.0cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	safari	*	cpe:2.3:a:apple:safari::::::::
apple	safari	4.0	cpe:2.3:a:apple:safari:4.0:::::::*
apple	safari	4.0.0b	cpe:2.3:a:apple:safari:4.0.0b:::::::*
apple	safari	4.0.1	cpe:2.3:a:apple:safari:4.0.1:::::::*
apple	safari	4.0.2	cpe:2.3:a:apple:safari:4.0.2:::::::*
apple	safari	4.0.3	cpe:2.3:a:apple:safari:4.0.3:::::::*
apple	safari	4.0.4	cpe:2.3:a:apple:safari:4.0.4:::::::*
apple	webkit	*	cpe:2.3:a:apple:webkit::::::::
apple	mac_os_x	10.5	cpe:2.3:o:apple:mac_os_x:10.5:::::::*
apple	mac_os_x	10.5.0	cpe:2.3:o:apple:mac_os_x:10.5.0:::::::*

Rows per page:

1-10 of 661

References

lists.apple.com/archives/security-announce/2010//Jun/msg00002.html

lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

lists.apple.com/archives/security-announce/2010/Jun/msg00000.html

lists.apple.com/archives/security-announce/2010/Jun/msg00003.html

secunia.com/advisories/40105

secunia.com/advisories/40196

secunia.com/advisories/42314

securitytracker.com/id?1024067

support.apple.com/kb/HT4196

support.apple.com/kb/HT4220

support.apple.com/kb/HT4225

support.apple.com/kb/HT4456

www.securityfocus.com/bid/40620

www.vupen.com/english/advisories/2010/1373

www.vupen.com/english/advisories/2010/1512

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6656

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.2

Confidence

High

EPSS

0.003

Percentile

71.3%

JSON

Related for CVE-2010-0544