Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.SAFARI_5_0_4.NASL
HistoryMar 10, 2011 - 12:00 a.m.

Safari < 5.0.4 Multiple Vulnerabilities

2011-03-1000:00:00
This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
www.tenable.com
17

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.664

Percentile

98.0%

JSON

The version of Safari installed on the remote Windows host is earlier than 5.0.4. It therefore is potentially affected by several issues in the following components :

  • ImageIO

  • libxml

  • WebKit

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(52613);
  script_version("1.18");
  script_cvs_date("Date: 2018/07/27 18:38:15");

  script_cve_id(
    "CVE-2010-1205",
    "CVE-2010-1824",
    "CVE-2010-2249",
    "CVE-2010-4008",
    "CVE-2010-4494",
    "CVE-2011-0111",
    "CVE-2011-0112",
    "CVE-2011-0113",
    "CVE-2011-0114",
    "CVE-2011-0115",
    "CVE-2011-0116",
    "CVE-2011-0117",
    "CVE-2011-0118",
    "CVE-2011-0119",
    "CVE-2011-0120",
    "CVE-2011-0121",
    "CVE-2011-0122",
    "CVE-2011-0123",
    "CVE-2011-0124",
    "CVE-2011-0125",
    "CVE-2011-0126",
    "CVE-2011-0127",
    "CVE-2011-0128",
    "CVE-2011-0129",
    "CVE-2011-0130",
    "CVE-2011-0131",
    "CVE-2011-0132",
    "CVE-2011-0133",
    "CVE-2011-0134",
    "CVE-2011-0135",
    "CVE-2011-0136",
    "CVE-2011-0137",
    "CVE-2011-0138",
    "CVE-2011-0139",
    "CVE-2011-0140",
    "CVE-2011-0141",
    "CVE-2011-0142",
    "CVE-2011-0143",
    "CVE-2011-0144",
    "CVE-2011-0145",
    "CVE-2011-0146",
    "CVE-2011-0147",
    "CVE-2011-0148",
    "CVE-2011-0149",
    "CVE-2011-0150",
    "CVE-2011-0151",
    "CVE-2011-0152",
    "CVE-2011-0153",
    "CVE-2011-0154",
    "CVE-2011-0155",
    "CVE-2011-0156",
    "CVE-2011-0160",
    "CVE-2011-0161",
    "CVE-2011-0163",
    "CVE-2011-0165",
    "CVE-2011-0166",
    "CVE-2011-0167",
    "CVE-2011-0168",
    "CVE-2011-0169",
    "CVE-2011-0170",
    "CVE-2011-0191",
    "CVE-2011-0192"
  );
  script_bugtraq_id(
    41174,
    44779,
    46657,
    46658,
    46659,
    46677,
    46684,
    46686,
    46687,
    46688,
    46689,
    46690,
    46691,
    46692,
    46693,
    46694,
    46695,
    46696,
    46698,
    46699,
    46700,
    46701,
    46702,
    46704,
    46705,
    46706,
    46707,
    46708,
    46709,
    46710,
    46711,
    46712,
    46713,
    46714,
    46715,
    46716,
    46717,
    46718,
    46719,
    46720,
    46721,
    46722,
    46723,
    46724,
    46725,
    46726,
    46727,
    46728,
    46744,
    46745,
    46746,
    46747,
    46748,
    46749,
    46808,
    46809,
    46811,
    46814,
    46816
  );

  script_name(english:"Safari < 5.0.4 Multiple Vulnerabilities");
  script_summary(english:"Checks Safari's version number");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote host contains a web browser that is affected by several
vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The version of Safari installed on the remote Windows host is earlier
than 5.0.4.  It therefore is potentially affected by several issues in
the following components :

  - ImageIO

  - libxml

  - WebKit"
  );
  script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT4566");
  script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2011/Mar/msg00004.html");
  script_set_attribute(attribute:"solution", value:"Upgrade to Safari 5.0.4 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/03/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");

  script_dependencies("safari_installed.nasl");
  script_require_keys("SMB/Safari/FileVersion");

  exit(0);
}


include("global_settings.inc");
include("misc_func.inc");


version = get_kb_item_or_exit("SMB/Safari/FileVersion");

version_ui = get_kb_item("SMB/Safari/ProductVersion");
if (isnull(version_ui)) version_ui = version;

if (ver_compare(ver:version, fix:"5.33.20.27") == -1)
{
  if (report_verbosity > 0)
  {
    path = get_kb_item("SMB/Safari/Path");
    if (isnull(path)) path = "n/a";

    report =
      '\n  Path              : ' + path +
      '\n  Installed version : ' + version_ui +
      '\n  Fixed version     : 5.0.4 (7533.20.27)\n';
    security_hole(port:get_kb_item("SMB/transport"), extra:report);
  }
  else security_hole(get_kb_item("SMB/transport"));
}
else exit(0, "The remote host is not affected since Safari " + version_ui + " is installed.");
VendorProductVersionCPE
applesafaricpe:/a:apple:safari

References

Related

nessus 36
securityvulns 8
openvas 48
altlinux 6
ubuntu 1
fedora 9
slackware 1
debian 6
osv 2
gentoo 2
oraclelinux 1
centos 1
redhat 1
prion 15
ubuntucve 13
nvd 15
debiancve 2
cvelist 17
zdi 3
cve 9
threatpost 1
f5 1
veracode 1
nessus
nessus
Mac OS X : Apple Safari < 5.0.4
2011-03-10 00:00:00
Apple iTunes < 10.2 Multiple Vulnerabilities (credentialed check)
2011-03-03 00:00:00
Apple iTunes < 10.2 Multiple Vulnerabilities (uncredentialed check)
2011-03-03 00:00:00
securityvulns
securityvulns
About the security content of iTunes 10.2
2011-03-03 00:00:00
About the security content of Safari 5.0.4
2011-03-15 00:00:00
Apple WebKit / Safari / iTunes / libtiff / Google Chrome multiple security vulnerabilities
2011-03-16 00:00:00
openvas
openvas
Apple Safari Multiple Vulnerabilities (Mar 2011) - Mac OS X
2011-08-12 00:00:00
Apple Safari Multiple Vulnerabilities - March 2011 (Mac OS X)
2011-08-12 00:00:00
Apple iTunes Multiple Vulnerabilities - Mar11
2011-03-10 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package libpng version 1.2.44-alt1
2010-06-29 00:00:00
Security fix for the ALT Linux 6 package libpng version 1.2.44-alt1
2010-06-29 00:00:00
Security fix for the ALT Linux 10 package libxml2 version 1:2.7.8-alt3
2010-12-27 00:00:00
ubuntu
ubuntu
libpng vulnerabilities
2010-07-08 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: libpng10-1.0.54-1.fc13
2010-07-20 22:32:04
[SECURITY] Fedora 13 Update: mingw32-libpng-1.2.44-1.fc13
2010-07-27 02:50:02
[SECURITY] Fedora 13 Update: libpng-1.2.44-1.fc13
2010-07-01 18:36:39
slackware
slackware
[slackware-security] libpng
2010-06-30 06:39:45
debian
debian
[SECURITY] [DSA 2072-1] New libpng packages fix several vulnerabilities
2010-07-19 12:27:24
[SECURITY] [DSA 2072-1] New libpng packages fix several vulnerabilities
2010-07-19 12:27:24
[SECURITY] [DSA-2210-2] tiff security update
2011-06-25 10:31:46
osv
osv
libpng - several vulnerabilities
2010-07-19 00:00:00
tiff - several
2011-04-03 00:00:00
gentoo
gentoo
Libpng: Multiple vulnerabilities
2010-10-05 00:00:00
libxml2: Multiple vulnerabilities
2011-10-26 00:00:00
oraclelinux
oraclelinux
libpng security update
2010-07-14 00:00:00
centos
centos
libpng, libpng10 security update
2010-07-14 22:40:18
redhat
redhat
(RHSA-2010:0534) Important: libpng security update
2010-07-14 00:00:00
prion
prion
Memory corruption
2011-03-03 20:00:00
Design/Logic Flaw
2010-09-24 19:00:00
Memory corruption
2011-03-03 20:00:00
ubuntucve
ubuntucve
CVE-2011-0142
2011-03-03 00:00:00
CVE-2011-0140
2011-03-03 00:00:00
CVE-2011-0141
2011-03-03 00:00:00
nvd
nvd
CVE-2011-0125
2011-03-03 20:00:01
CVE-2010-1824
2010-09-24 19:00:04
CVE-2011-0142
2011-03-03 20:00:02
debiancve
debiancve
CVE-2010-1824
2010-09-24 19:00:00
CVE-2010-2249
2010-06-30 18:30:01
cvelist
cvelist
CVE-2010-1824
2010-09-24 18:00:00
CVE-2010-2249
2010-06-30 18:00:00
CVE-2011-0141
2011-03-03 19:00:00
zdi
zdi
Apple Webkit Error Message Mutation Remote Code Execution Vulnerability
2011-03-02 00:00:00
Apple Webkit Font Glyph Layout Remote Code Execution Vulnerability
2011-03-02 00:00:00
Apple Webkit Root HTMLBRElement Style Remote Code Execution Vulnerability
2011-03-02 00:00:00
cve
cve
CVE-2010-1824
2010-09-24 19:00:04
CVE-2010-2249
2010-06-30 18:30:01
CVE-2011-0142
2011-03-03 20:00:02
threatpost
threatpost
Weaknesses in Webkit Becoming Problematic
2011-08-28 23:44:39
f5
f5
K51182024 : libxml2 2.7.8 vulnerability CVE-2010-4494
2020-06-17 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:43:56

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.664

Percentile

98.0%

JSON
Related for SAFARI_5_0_4.NASL
nessus36securityvulns8openvas48altlinux6ubuntu1fedora9slackware1debian6osv2gentoo2oraclelinux1centos1redhat1prion15ubuntucve13nvd15debiancve2cvelist17zdi3cve9threatpost1f51veracode1