nessus Tenable 4932.PRM
History: Feb 16, 2009 - 12:00 a.m.

Safari < 3.2.2 Multiple Vulnerabilities

2009-02-16 00:00:00
Tenable
www.tenable.com
166

CVSS2: 10

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.006

Percentile: 79.0%

The version of Safari installed on the remote Windows host is earlier than 3.2.2. Such versions reportedly have multiple vulnerabilities:

  • Multiple input validation issues in their handling of 'feed:' URLs, which could be abused to execute arbitrary JavaScript code in the local security zone. (CVE-2009-0137)

  • A cached certificate is not required before displaying a lock icon for an HTTPS web site. This allows a man-in-the-middle attacker to present the user with spoofed web pages over HTTPS that appear to be from a legitimate source. (CVE-2009-2072)

  • The browser processes a 3xx HTTP CONNECT before a successful SSL handshake, which could allow a man-in-the-middle attacker to execute arbitrary script code in the context of an HTTPS site. (CVE-2009-2062)

Binary data 4932.prm
