Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.SAFARI_5_0.NASL
HistoryJun 08, 2010 - 12:00 a.m.

Safari < 5.0 Multiple Vulnerabilities

2010-06-0800:00:00
This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
www.tenable.com
13

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.965 High

EPSS

Percentile

99.6%

JSON

The version of Safari installed on the remote Windows host is earlier than 5.0. As such, it is potentially affected by numerous issues in the following components :

  • ColorSync

  • Safari

  • WebKit

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(46838);
  script_version("1.20");
  script_cvs_date("Date: 2018/07/30 11:55:12");

  script_cve_id(
    "CVE-2009-1726",
    "CVE-2010-0544",
    "CVE-2010-1119",
    "CVE-2010-1384",
    "CVE-2010-1385",
    "CVE-2010-1389",
    "CVE-2010-1390",
    "CVE-2010-1391",
    "CVE-2010-1392",
    "CVE-2010-1393",
    "CVE-2010-1394",
    "CVE-2010-1395",
    "CVE-2010-1396",
    "CVE-2010-1397",
    "CVE-2010-1398",
    "CVE-2010-1399",
    "CVE-2010-1400",
    "CVE-2010-1401",
    "CVE-2010-1402",
    "CVE-2010-1403",
    "CVE-2010-1404",
    "CVE-2010-1405",
    "CVE-2010-1406",
    "CVE-2010-1408",
    "CVE-2010-1409",
    "CVE-2010-1410",
    "CVE-2010-1412",
    "CVE-2010-1413",
    "CVE-2010-1414",
    "CVE-2010-1415",
    "CVE-2010-1416",
    "CVE-2010-1417",
    "CVE-2010-1418",
    "CVE-2010-1419",
    "CVE-2010-1421",
    "CVE-2010-1422",
    "CVE-2010-1749",
    "CVE-2010-1750",
    "CVE-2010-1758",
    "CVE-2010-1759",
    "CVE-2010-1761",
    "CVE-2010-1762",
    "CVE-2010-1764",
    "CVE-2010-1770",
    "CVE-2010-1771",
    "CVE-2010-1774",
    "CVE-2010-2264"
  );
  script_bugtraq_id(
    40642,
    40644,
    40645,
    40646,
    40647,
    40649,
    40650,
    40652,
    40653,
    40654,
    40655,
    40656,
    40658,
    40659,
    40660,
    40661,
    40663,
    40665,
    40666,
    40667,
    40668,
    40670,
    40671,
    40672,
    40673,
    40674,
    40675,
    40697,
    40698,
    40704,
    40705,
    40707,
    40710,
    40714,
    40717,
    40726,
    40727,
    40732,
    40733,
    40750,
    40752,
    40753,
    40754,
    40756
  );

  script_name(english:"Safari < 5.0 Multiple Vulnerabilities");
  script_summary(english:"Checks Safari's version number");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote host contains a web browser that is affected by several
vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The version of Safari installed on the remote Windows host is earlier
than 5.0.  As such, it is potentially affected by numerous issues in the
following components :

  - ColorSync

  - Safari

  - WebKit"
  );
  script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT4196");
  script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html");
  script_set_attribute(attribute:"solution", value:"Upgrade to Safari 5.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_cwe_id(119);

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/06/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/06/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");

  script_dependencies("safari_installed.nasl");
  script_require_keys("SMB/Safari/FileVersion");

  exit(0);
}


include("global_settings.inc");


path = get_kb_item("SMB/Safari/Path");
version = get_kb_item("SMB/Safari/FileVersion");
if (isnull(version)) exit(1, "The 'SMB/Safari/FileVersion' KB item is missing.");

version_ui = get_kb_item("SMB/Safari/ProductVersion");
if (isnull(version_ui)) version_ui = version;

ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

if (
  ver[0] < 5 ||
  (
    ver[0] == 5 &&
    (
      ver[1] < 33 ||
      (ver[1] == 33 && ver[2] < 16)
    )
  )
)
{
  if (report_verbosity > 0)
  {
    if (isnull(path)) path = "n/a";

    report =
      '\n  Path              : ' + path +
      '\n  Installed version : ' + version_ui +
      '\n  Fixed version     : 5.0\n';
    security_hole(port:get_kb_item("SMB/transport"), extra:report);
  }
  else security_hole(get_kb_item("SMB/transport"));
}
else exit(0, "The remote host is not affected since Safari " + version_ui + " is installed.");
VendorProductVersionCPE
applesafaricpe:/a:apple:safari

References

Related

nessus 14
openvas 21
securityvulns 12
threatpost 1
freebsd 1
fedora 7
prion 24
nvd 24
zdi 8
ubuntucve 24
cvelist 19
debiancve 19
cve 21
seebug 1
exploitpack 1
packetstorm 1
checkpoint_advisories 1
nessus
nessus
Safari < 4.1 / 5.0 Multiple Vulnerabilities
2010-06-08 00:00:00
Safari < 4.1 / 5.0 Multiple Vulnerabilities
2010-06-08 00:00:00
Mac OS X : Apple Safari < 5.0 / 4.1
2010-06-08 00:00:00
openvas
openvas
Apple Safari Multiple Vulnerabilities (June-10)
2010-06-16 00:00:00
Apple Safari Multiple Vulnerabilities (Jun 2010)
2010-06-16 00:00:00
FreeBSD Ports: webkit-gtk2
2010-07-22 00:00:00
securityvulns
securityvulns
VUPEN Security Research - Apple Safari WebKit HTML Button Use-after-free Vulnerability &#40;CVE-2010-1392&#41;
2010-06-08 00:00:00
Apple Webkit / Safari / Google Chrome multiple security vulnerabilities
2010-06-11 00:00:00
ZDI-10-096: Apple Webkit Recursive Use Element Remote Code Execution Vulnerability
2010-06-08 00:00:00
threatpost
threatpost
Apple Plugs 48 Security Holes in Safari Browser
2010-06-08 13:06:29
freebsd
freebsd
webkit-gtk2 -- Multiple vulnerabilities
2010-07-16 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: qt-4.6.3-8.fc13
2010-07-13 07:40:16
[SECURITY] Fedora 13 Update: webkitgtk-1.2.4-1.fc13
2010-09-15 05:40:48
[SECURITY] Fedora 12 Update: webkitgtk-1.2.4-1.fc12
2010-09-21 01:43:18
prion
prion
Design/Logic Flaw
2010-06-11 18:00:00
Memory corruption
2010-06-11 18:00:00
Design/Logic Flaw
2010-06-11 18:00:00
nvd
nvd
CVE-2010-1414
2010-06-11 18:00:45
CVE-2010-1403
2010-06-11 18:00:32
CVE-2010-1401
2010-06-11 18:00:29
zdi
zdi
Apple Webkit Recursive Use Element Remote Code Execution Vulnerability
2010-06-08 00:00:00
Apple Webkit First-Letter Pseudo-Element Style Remote Code Execution Vulnerability
2010-06-08 00:00:00
Apple Webkit ContentEditable moveParagraphs Uninitialized Element Remote Code Execution Vulnerability
2010-06-08 00:00:00
ubuntucve
ubuntucve
CVE-2010-1404
2010-06-11 00:00:00
CVE-2010-1414
2010-06-11 00:00:00
CVE-2010-1410
2010-06-11 00:00:00
cvelist
cvelist
CVE-2010-1414
2010-06-11 17:28:00
CVE-2010-1764
2010-06-11 19:00:00
CVE-2010-1404
2010-06-11 17:28:00
debiancve
debiancve
CVE-2010-1413
2010-06-11 18:00:00
CVE-2010-1403
2010-06-11 18:00:00
CVE-2010-1410
2010-06-11 18:00:00
cve
cve
CVE-2010-1402
2010-06-11 18:00:32
CVE-2010-1401
2010-06-11 18:00:29
CVE-2010-1416
2010-06-11 18:00:45
seebug
seebug
Webkit Normalize Bug - Android 2.2
2014-07-01 00:00:00
exploitpack
exploitpack
Webkit Normalize Bug - Android 2.2
2012-02-01 00:00:00
packetstorm
packetstorm
Android 2.2 Webkit Normalize
2012-02-02 00:00:00
checkpoint_advisories
checkpoint_advisories
Apple Safari Webkit Option Element ContentEditable Code Execution (CVE-2010-1396)
2010-09-26 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.965 High

EPSS

Percentile

99.6%

JSON
Related for SAFARI_5_0.NASL
nessus14openvas21securityvulns12threatpost1freebsd1fedora7prion24nvd24zdi8ubuntucve24cvelist19debiancve19cve21seebug1exploitpack1packetstorm1checkpoint_advisories1