Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.SAFARI_4.0.NASL
HistoryJun 09, 2009 - 12:00 a.m.

Safari < 4.0 Multiple Vulnerabilities

2009-06-0900:00:00
This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
www.tenable.com
27

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.881

Percentile

98.7%

JSON

The version of Safari installed on the remote Windows host is earlier than 4.0. It therefore is potentially affected by numerous issues in the following components :

  • CFNetwork
  • CoreGraphics
  • ImageIO
  • International Components for Unicode
  • libxml
  • Safari
  • Safari Windows Installer
  • WebKit
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if (description)
{
  script_id(39339);
  script_version("1.30");
  script_cvs_date("Date: 2018/07/27 18:38:15");

  script_cve_id("CVE-2006-2783", "CVE-2008-1588", "CVE-2008-2320", "CVE-2008-2321",
                "CVE-2008-3281", "CVE-2008-3529", "CVE-2008-3632", "CVE-2008-4225",
                "CVE-2008-4226", "CVE-2008-4231", "CVE-2008-4409", "CVE-2009-0040",
                "CVE-2009-0145", "CVE-2009-0153", "CVE-2009-0946", "CVE-2009-1179",
                "CVE-2009-1681", "CVE-2009-1682", "CVE-2009-1684", "CVE-2009-1685",
                "CVE-2009-1686", "CVE-2009-1687", "CVE-2009-1688", "CVE-2009-1689",
                "CVE-2009-1690", "CVE-2009-1691", "CVE-2009-1693", "CVE-2009-1694",
                "CVE-2009-1695", "CVE-2009-1696", "CVE-2009-1697", "CVE-2009-1698",
                "CVE-2009-1699", "CVE-2009-1700", "CVE-2009-1701", "CVE-2009-1702",
                "CVE-2009-1703", "CVE-2009-1704", "CVE-2009-1705", "CVE-2009-1706",
                "CVE-2009-1707", "CVE-2009-1708", "CVE-2009-1709", "CVE-2009-1710",
                "CVE-2009-1711", "CVE-2009-1712", "CVE-2009-1713", "CVE-2009-1714",
                "CVE-2009-1715", "CVE-2009-1716", "CVE-2009-1718", "CVE-2009-2027",
                "CVE-2009-2420", "CVE-2009-2421");
  script_bugtraq_id(30487, 31092, 32326, 33276, 35260, 35270, 35271, 35272, 35283,
                    35284, 35308, 35309, 35310, 35311, 35315, 35317, 35318, 35319,
                    35320, 35321, 35322, 35325, 35327, 35328, 35330, 35331, 35332,
                    35333, 35334, 35339, 35340, 35344, 35346, 35347, 35348, 35349,
                    35350, 35351, 35352, 35353, 35481, 35482);

  script_name(english:"Safari < 4.0 Multiple Vulnerabilities");
  script_summary(english:"Checks Safari's version number");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains a web browser that is affected by several
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Safari installed on the remote Windows host is earlier
than 4.0.  It therefore is potentially affected by numerous issues in
the following components :

  - CFNetwork
  - CoreGraphics
  - ImageIO
  - International Components for Unicode
  - libxml
  - Safari
  - Safari Windows Installer
  - WebKit");
  script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT3613");
  script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2009/Jun/msg00002.html");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/advisories/17079");
  script_set_attribute(attribute:"solution", value:"Upgrade to Safari 4.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(20, 79, 94, 119, 189, 200, 255, 264, 310, 362, 399);

  script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");

  script_dependencies("safari_installed.nasl");
  script_require_keys("SMB/Safari/FileVersion");

  exit(0);
}


include("global_settings.inc");


path = get_kb_item("SMB/Safari/Path");
version = get_kb_item("SMB/Safari/FileVersion");
if (isnull(version)) exit(0);

ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

if (
  ver[0] < 4 ||
  (
    ver[0] == 4 &&
    (
      ver[1] < 530 ||
      (ver[1] == 530 && ver[2] < 17)
    )
  )
)
{
  if (report_verbosity > 0)
  {
    if (isnull(path)) path = "n/a";

    prod_version = get_kb_item("SMB/Safari/ProductVersion");
    if (!isnull(prod_version)) version = prod_version;

    report = string(
      "\n",
      "Nessus collected the following information about the current install\n",
      "of Safari on the remote host :\n",
      "\n",
      "  Version : ", version, "\n",
      "  Path    : ", path, "\n"
    );
    security_hole(port:get_kb_item("SMB/transport"), extra:report);
  }
  else security_hole(get_kb_item("SMB/transport"));
}

References

Related

nessus 57
seebug 1
openvas 91
debian 6
osv 5
gentoo 1
securityvulns 2
ubuntu 5
redhat 2
oraclelinux 2
centos 3
ubuntucve 2
freebsd 2
prion 2
cvelist 2
altlinux 2
fedora 9
nvd 1
cve 2
chrome 1
slackware 1
nessus
nessus
Mac OS X : Apple Safari < 4.0
2009-06-09 00:00:00
Debian DSA-1950-1 : webkit - several vulnerabilities
2010-02-24 00:00:00
GLSA-200812-06 : libxml2: Multiple vulnerabilities
2008-12-03 00:00:00
seebug
seebug
Apple Safari 4.0多个安全漏洞
2009-06-11 00:00:00
openvas
openvas
Apple Safari Multiple Vulnerabilities June-09 (Windows) - I
2009-06-16 00:00:00
Apple Safari Multiple Vulnerabilities - 02 - (Jun 2009) - Windows
2009-06-16 00:00:00
Apple Safari Multiple Vulnerabilities - 01 - (Jun 2009) - Windows
2009-06-16 00:00:00
debian
debian
[SECURITY] [DSA-1950-1] New webkit packages fix several vulnerabilities
2009-12-12 10:10:15
[SECURITY] [DSA-1988-1] New qt4-x11 packages fix several vulnerabilities
2010-02-02 22:44:05
[SECURITY] [DSA-1988-1] New qt4-x11 packages fix several vulnerabilities
2010-02-02 22:44:05
osv
osv
webkit - several vulnerabilities
2009-12-12 00:00:00
qt4-x11 - several vulnerabilities
2010-02-02 00:00:00
kde4libs - several vulnerabilities
2009-08-19 00:00:00
gentoo
gentoo
libxml2: Multiple vulnerabilities
2008-12-02 00:00:00
securityvulns
securityvulns
WebKit / Apple Safari multiple security vulnerabilities
2009-06-23 00:00:00
libxml library DoS
2008-08-25 00:00:00
ubuntu
ubuntu
Qt vulnerabilities
2009-11-10 00:00:00
WebKit vulnerabilities
2009-09-23 00:00:00
KDE-Libs vulnerabilities
2009-08-24 00:00:00
redhat
redhat
(RHSA-2009:1127) Critical: kdelibs security update
2009-06-25 00:00:00
(RHSA-2008:0988) Important: libxml2 security update
2008-11-17 00:00:00
oraclelinux
oraclelinux
kdelibs security update
2009-06-25 00:00:00
libxml2 security update
2008-11-17 00:00:00
centos
centos
kdelibs security update
2009-06-26 14:03:32
libxml2 security update
2008-11-17 23:54:51
libxml2 security update
2008-11-24 00:43:15
ubuntucve
ubuntucve
CVE-2009-1691
2009-06-10 00:00:00
CVE-2009-1689
2009-06-10 00:00:00
freebsd
freebsd
libxml2 -- two vulnerabilities
2008-08-22 00:00:00
libxml2 -- multiple vulnerabilities
2008-11-18 00:00:00
prion
prion
Design/Logic Flaw
2009-07-09 16:30:00
Code injection
2008-10-03 17:41:00
cvelist
cvelist
CVE-2009-2420
2009-07-09 16:00:00
CVE-2008-4409
2008-10-03 17:18:00
altlinux
altlinux
Security fix for the ALT Linux 9 package libxml2 version 1:2.7.2-alt2
2008-11-25 00:00:00
Security fix for the ALT Linux 5 package libxml2 version 1:2.7.2-alt2
2008-11-25 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: libxml2-2.7.2-2.fc10
2008-11-22 16:50:52
[SECURITY] Fedora 10 Update: kdelibs3-3.5.10-13.fc10
2009-07-28 18:28:27
[SECURITY] Fedora 8 Update: libxml2-2.7.2-2.fc8
2008-11-19 14:51:06
nvd
nvd
CVE-2009-2420
2009-07-09 16:30:00
cve
cve
CVE-2009-2420
2009-07-09 16:30:00
CVE-2008-4409
2008-10-03 17:41:40
chrome
chrome
Stable update: 2 WebKit security fixes
2009-06-09 00:00:00
slackware
slackware
[slackware-security] libxml2
2008-11-20 03:51:12

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.881

Percentile

98.7%

JSON
Related for SAFARI_4.0.NASL
nessus57seebug1openvas91debian6osv5gentoo1securityvulns2ubuntu5redhat2oraclelinux2centos3ubuntucve2freebsd2prion2cvelist2altlinux2fedora9nvd1cve2chrome1slackware1