CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
98.9%
The version of Safari installed on the remote Windows host is earlier than 5.0.3. As such, it is potentially affected by numerous issues in its WebKit component that could allow arbitrary code execution, session tracking, address bar spoofing, and other sorts of attacks.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
# Registration branch: everything inside only declares plugin metadata
# (identifiers, references, scoring, dependencies) and then exits via the
# exit(0) at the end of the block; no host is examined here.
if (description)
{
script_id(50654);
script_version("1.14");
script_cvs_date("Date: 2018/07/27 18:38:15");
# One plugin covers the whole advisory: a single finding maps to all of the
# CVE identifiers below, so a hit does not say which individual issue applies.
script_cve_id(
"CVE-2010-1812",
"CVE-2010-1813",
"CVE-2010-1814",
"CVE-2010-1815",
"CVE-2010-1822",
"CVE-2010-3116",
"CVE-2010-3257",
"CVE-2010-3259",
"CVE-2010-3803",
"CVE-2010-3804",
"CVE-2010-3805",
"CVE-2010-3808",
"CVE-2010-3809",
"CVE-2010-3810",
"CVE-2010-3811",
"CVE-2010-3812",
"CVE-2010-3813",
"CVE-2010-3816",
"CVE-2010-3817",
"CVE-2010-3818",
"CVE-2010-3819",
"CVE-2010-3820",
"CVE-2010-3821",
"CVE-2010-3822",
"CVE-2010-3823",
"CVE-2010-3824",
"CVE-2010-3826"
);
# Bugtraq IDs cross-referenced for the same advisory.
script_bugtraq_id(
43079,
43081,
43083,
44200,
44206,
44950,
44952,
44953,
44954,
44955,
44956,
44957,
44958,
44959,
44960,
44961,
44962,
44963,
44964,
44965,
44967,
44969,
44970,
44971
);
script_name(english:"Safari < 5.0.3 Multiple Vulnerabilities");
# The summary is accurate about scope: this is a version comparison only,
# not a test of whether any individual flaw is reachable.
script_summary(english:"Checks Safari's version number");
script_set_attribute(
attribute:"synopsis",
value:
"The remote host contains a web browser that is affected by several
vulnerabilities."
);
# "potentially affected" in the text below reflects that the finding is
# inferred from the installed version alone.
script_set_attribute(
attribute:"description",
value:
"The version of Safari installed on the remote Windows host is earlier
than 5.0.3. As such, it is potentially affected by numerous issues in
its WebKit component that could allow arbitrary code execution, session
tracking, address bar spoofing, and other sorts of attacks."
);
script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT4455");
script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2010/Nov/msg00002.html");
script_set_attribute(attribute:"solution", value:"Upgrade to Safari 5.0.3 or later.");
# NOTE(review): the base vector registered here uses AC:M, while the CVSS2
# vector displayed alongside this plugin listing is AC:L -- confirm which
# score downstream prioritisation should rely on.
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
# Temporal vector: proof-of-concept exploit (E:POC), official fix (RL:OF),
# confirmed report (RC:C); the two exploit attributes below agree with E:POC.
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2010/09/08");
script_set_attribute(attribute:"patch_publication_date", value:"2010/11/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/18");
# "local": the check body reads the installed file version from the knowledge
# base rather than probing a network service.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
# The check cannot run without the KB key required below; presumably
# safari_installed.nasl is what populates the SMB/Safari/* keys -- confirm.
# If that key is absent the plugin produces no finding, which is not
# evidence that the host is patched.
script_dependencies("safari_installed.nasl");
script_require_keys("SMB/Safari/FileVersion");
exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
# Version-only check: compares the Safari file version recorded in the
# knowledge base against the fixed build. Nothing is sent to the browser and
# no individual flaw is exercised, so a finding means "installed build is
# older than the fix", not "exploitation confirmed".
version = get_kb_item_or_exit("SMB/Safari/FileVersion");

# Prefer the product version for display; fall back to the file version when
# the KB has no product version.
version_ui = get_kb_item("SMB/Safari/ProductVersion");
if (isnull(version_ui))
  version_ui = version;

# The comparison uses the file-version form "5.33.19.4", while the report
# shows the fix as "5.0.3 (7533.19.4)".
# NOTE(review): presumably these are two notations for the same build --
# confirm before changing either string.
outdated = (ver_compare(ver:version, fix:"5.33.19.4") == -1);

if (!outdated)
  exit(0, "The remote host is not affected since Safari " + version_ui + " is installed.");
else
{
  smb_port = get_kb_item("SMB/transport");

  if (report_verbosity > 0)
  {
    # Install path is informational only; "n/a" when the KB does not have it.
    install_path = get_kb_item("SMB/Safari/Path");
    if (isnull(install_path))
      install_path = "n/a";

    details =
      '\n Path : ' + install_path +
      '\n Installed version : ' + version_ui +
      '\n Fixed version : 5.0.3 (7533.19.4)\n';

    security_hole(port:smb_port, extra:details);
  }
  else
    security_hole(smb_port);
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1813
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1822
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3803
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3804
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3805
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3808
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3809
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3810
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3811
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3816
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3817
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3818
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3819
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3820
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3821
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3822
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3823
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3824
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3826
lists.apple.com/archives/security-announce/2010/Nov/msg00002.html
support.apple.com/kb/HT4455
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
98.9%