Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.SAFARI_5_1_1.NASL
HistoryOct 13, 2011 - 12:00 a.m.

Safari < 5.1.1 Multiple Vulnerabilities

2011-10-1300:00:00
This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
www.tenable.com
27

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.451 Medium

EPSS

Percentile

97.4%

JSON

The version of Safari installed on the remote Windows host is earlier than 5.1.1. Thus, it is potentially affected by numerous issues in the following components :

  • Safari
  • WebKit
#
# (C) Tenable Network Security, Inc.
#


if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");


if (description)
{
  script_id(56483);
  script_version("1.12");
  script_cvs_date("Date: 2018/07/27 18:38:15");

  script_cve_id(
    "CVE-2011-1440",
    "CVE-2011-2338",
    "CVE-2011-2339",
    "CVE-2011-2341",
    "CVE-2011-2351",
    "CVE-2011-2352",
    "CVE-2011-2354",
    "CVE-2011-2356",
    "CVE-2011-2359",
    "CVE-2011-2788",
    "CVE-2011-2790",
    "CVE-2011-2792",
    "CVE-2011-2797",
    "CVE-2011-2799",
    "CVE-2011-2800",
    "CVE-2011-2805",
    "CVE-2011-2809",
    "CVE-2011-2811",
    "CVE-2011-2813",
    "CVE-2011-2814",
    "CVE-2011-2815",
    "CVE-2011-2816",
    "CVE-2011-2817",
    "CVE-2011-2818",
    "CVE-2011-2819",
    "CVE-2011-2820",
    "CVE-2011-2823",
    "CVE-2011-2827",
    "CVE-2011-2831",
    "CVE-2011-3229",
    "CVE-2011-3232",
    "CVE-2011-3233",
    "CVE-2011-3234",
    "CVE-2011-3235",
    "CVE-2011-3236",
    "CVE-2011-3237",
    "CVE-2011-3238",
    "CVE-2011-3239",
    "CVE-2011-3241",
    "CVE-2011-3243"
  );
  script_bugtraq_id(
    47604,
    48479,
    48960,
    49279,
    49658,
    49850,
    50089,
    50163,
    51032
  );

  script_name(english:"Safari < 5.1.1 Multiple Vulnerabilities");
  script_summary(english:"Checks Safari's version number");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote host contains a web browser that is affected by several
vulnerabilities."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The version of Safari installed on the remote Windows host is earlier
than 5.1.1.  Thus, it is potentially affected by numerous issues in 
the following components :

  - Safari
  - WebKit"
  );
  # http://vttynotes.blogspot.com/2011/10/cve-2011-3229-steal-files-and-inject-js.html
  script_set_attribute(
    attribute:"see_also", 
    value:"http://www.nessus.org/u?95007eac"
  );
  script_set_attribute(
    attribute:"see_also", 
    value:"http://support.apple.com/kb/HT5000"
  );
  script_set_attribute(
    attribute:"see_also", 
    value:"http://lists.apple.com/archives/security-announce/2011/Oct/msg00004.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Upgrade to Safari 5.1.1 or later."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/04/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/10/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/10/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");

  script_dependencies("safari_installed.nasl");
  script_require_keys("SMB/Safari/FileVersion");

  exit(0);
}


include("global_settings.inc");
include("misc_func.inc");


version = get_kb_item_or_exit("SMB/Safari/FileVersion");

version_ui = get_kb_item("SMB/Safari/ProductVersion");
if (isnull(version_ui)) version_ui = version;

fixed_version = '5.34.51.22';
fixed_version_ui = '5.1.1 (7534.51.22)';

if (ver_compare(ver:version, fix:fixed_version) == -1)
{
  if (report_verbosity > 0)
  {
    path = get_kb_item("SMB/Safari/Path");
    if (isnull(path)) path = "n/a";

    report = 
      '\n  Path              : ' + path + 
      '\n  Installed version : ' + version_ui + 
      '\n  Fixed version     : ' + fixed_version_ui + '\n';
    security_hole(port:get_kb_item("SMB/transport"), extra:report);
  }
  else security_hole(get_kb_item("SMB/transport"));
}
else exit(0, "The remote host is not affected since Safari " + version_ui + " is installed.");
VendorProductVersionCPE
applesafaricpe:/a:apple:safari

References

Related

openvas 19
securityvulns 9
nessus 5
debian 2
osv 1
seebug 2
chrome 1
threatpost 1
cve 27
debiancve 10
prion 29
nvd 32
cvelist 28
ubuntucve 28
packetstorm 1
checkpoint_advisories 3
mozilla 1
openvas
openvas
Apple Safari Multiple Vulnerabilities (Oct 2011) - Windows
2012-05-24 00:00:00
Apple Safari Multiple Vulnerabilities - Oct 2011 (Windows)
2012-05-24 00:00:00
Apple Mac OS X v10.6.8 Safari Multiple Vulnerabilities
2011-10-20 00:00:00
securityvulns
securityvulns
Apple Safari / WebKit multiple security vulnerabilities
2011-10-15 00:00:00
APPLE-SA-2011-10-12-4 Safari 5.1.1
2011-10-15 00:00:00
[SECURITY] [DSA 2307-1] chromium-browser security update
2011-09-13 00:00:00
nessus
nessus
Mac OS X : Apple Safari < 5.1.1
2011-10-13 00:00:00
Debian DSA-2307-1 : chromium-browser - several vulnerabilities
2011-09-12 00:00:00
Apple iTunes < 10.5 Multiple Vulnerabilities (uncredentialed check)
2011-10-12 00:00:00
debian
debian
[SECURITY] [DSA 2307-1] chromium-browser security update
2011-09-11 17:36:04
[SECURITY] [DSA 2307-1] chromium-browser security update
2011-09-11 17:36:04
osv
osv
chromium-browser - several
2011-09-11 00:00:00
seebug
seebug
Apple iTunes多个安全漏洞
2011-10-13 00:00:00
Apple Safari safari-extension:// URL处理遍历远程代码执行漏洞
2011-10-17 00:00:00
chrome
chrome
Stable Channel Update
2011-08-02 00:00:00
threatpost
threatpost
Google Fixes 30 Bugs in Chrome, Pays $17K in Bounties
2011-08-02 18:10:51
cve
cve
CVE-2011-2354
2011-10-12 18:55:01
CVE-2011-3237
2011-10-12 18:55:02
CVE-2011-2823
2011-08-29 15:55:01
debiancve
debiancve
CVE-2011-2359
2011-08-03 00:55:00
CVE-2011-2823
2011-08-29 15:55:00
CVE-2011-2351
2011-06-29 17:55:00
prion
prion
Memory corruption
2011-10-12 18:55:00
Memory corruption
2011-10-12 18:55:00
Directory traversal
2011-10-14 10:55:00
nvd
nvd
CVE-2011-2351
2011-06-29 17:55:04
CVE-2011-2352
2011-10-12 18:55:01
CVE-2011-2339
2011-10-12 18:55:01
cvelist
cvelist
CVE-2011-2351
2011-06-29 17:00:00
CVE-2011-2352
2011-10-12 18:00:00
CVE-2011-2338
2011-10-12 18:00:00
ubuntucve
ubuntucve
CVE-2011-2823
2011-08-29 00:00:00
CVE-2011-2827
2011-08-29 00:00:00
CVE-2011-2352
2011-10-12 00:00:00
packetstorm
packetstorm
Apple Safari Directory Traversal
2011-10-15 00:00:00
checkpoint_advisories
checkpoint_advisories
Google Chrome and Apple Safari Apple Webkit Ruby Memory Corruption - Ver2 (CVE-2011-1440)
2014-03-31 00:00:00
Google Chrome and Apple Safari Apple Webkit Ruby Memory Corruption (CVE-2011-1440)
2012-01-17 00:00:00
Google Chrome and Apple Safari Display Box Rendering Memory Corruption (CVE-2011-2818)
2011-11-01 00:00:00
mozilla
mozilla
Potentially exploitable crash in the YARR regular expression library — Mozilla
2011-09-27 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.451 Medium

EPSS

Percentile

97.4%

JSON
Related for SAFARI_5_1_1.NASL
openvas19securityvulns9nessus5debian2osv1seebug2chrome1threatpost1cve27debiancve10prion29nvd32cvelist28ubuntucve28packetstorm1checkpoint_advisories3mozilla1