Apple Safari Multiple Vulnerabilities-01 (Sep 2015) - Mac OS X

2015-09-0100:00:00

plugins.openvas.org

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.9%

JSON

Apple Safari is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:apple:safari";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.805968");
  script_version("2024-02-09T05:06:25+0000");
  script_cve_id("CVE-2015-3729", "CVE-2015-3730", "CVE-2015-3731", "CVE-2015-3732",
                "CVE-2015-3733", "CVE-2015-3734", "CVE-2015-3735", "CVE-2015-3736",
                "CVE-2015-3737", "CVE-2015-3738", "CVE-2015-3739", "CVE-2015-3740",
                "CVE-2015-3741", "CVE-2015-3742", "CVE-2015-3743", "CVE-2015-3744",
                "CVE-2015-3745", "CVE-2015-3746", "CVE-2015-3747", "CVE-2015-3748",
                "CVE-2015-3749", "CVE-2015-3750", "CVE-2015-3751", "CVE-2015-3752",
                "CVE-2015-3753", "CVE-2015-3754", "CVE-2015-3755");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_tag(name:"last_modification", value:"2024-02-09 05:06:25 +0000 (Fri, 09 Feb 2024)");
  script_tag(name:"creation_date", value:"2015-09-01 11:47:05 +0530 (Tue, 01 Sep 2015)");
  script_name("Apple Safari Multiple Vulnerabilities-01 (Sep 2015) - Mac OS X");

  script_tag(name:"summary", value:"Apple Safari is prone to multiple vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Multiple flaws exist duu to,

  - Multiple memory corruption issues existed in WebKit.

  - An error existed in Content Security Policy report requests which would not
    honor HTTP Strict Transport Security.

  - An issue existed where websites with video controls would load images nested
    in object elements in violation of the website's Content Security Policy
    directive.

  - Two issues existed in how cookies were added to Content Security Policy report
    requests. Cookies were sent in cross-origin report requests in violation of the
    standard.

  - Images fetched through URLs that redirected to a data:image resource could have
    been exfiltrated cross-origin.

  - An issue existed in caching of HTTP authentication. Credentials entered in
    private browsing mode were carried over to regular browsing which would reveal
    parts of the user's private browsing history.

  - Navigating to a malformed URL may have allowed a malicious website to display
    an arbitrary URL.

  - A malicious website could open another site and prompt for user input without
    a way for the user to tell where the prompt came from.");

  script_tag(name:"impact", value:"Successful exploitation will allow remote
  attackers to conduct spoofing attack, unexpected application termination
  or arbitrary code execution, trigger plaintext requests to an origin under HTTP
  Strict Transport Security, load image out of accordance with Content Security
  Policy directive, gain access to sensitive information, exfiltrate image data
  cross-origin and reveal private browsing history.");

  script_tag(name:"affected", value:"Apple Safari versions before 6.2.8, 7.x
  before 7.1.8, and 8.x before 8.0.8");

  script_tag(name:"solution", value:"Upgrade to Apple Safari version 6.2.8 or
  7.1.8 or 8.0.8 or later.");

  script_tag(name:"solution_type", value:"VendorFix");

  script_tag(name:"qod_type", value:"executable_version");

  script_xref(name:"URL", value:"https://support.apple.com/en-us/HT205033");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/76342");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/76338");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/76341");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/76339");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/76344");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2015 Greenbone AG");
  script_family("General");
  script_dependencies("macosx_safari_detect.nasl");
  script_mandatory_keys("AppleSafari/MacOSX/Version");
  exit(0);
}

include("version_func.inc");
include("host_details.inc");

if(!safVer = get_app_version(cpe:CPE)){
  exit(0);
}

if(version_is_less(version:safVer, test_version:"6.2.8"))
{
  fix = "6.2.8";
  VULN = TRUE;
}

if(version_in_range(version:safVer, test_version:"7.0", test_version2:"7.1.7"))
{
  fix = "7.1.8";
  VULN = TRUE;
}

if(version_in_range(version:safVer, test_version:"8.0", test_version2:"8.0.7"))
{
  fix = "8.0.8";
  VULN = TRUE;
}

if(VULN)
{
  report = 'Installed version: ' + safVer + '\n' +
           'Fixed version:     ' + fix + '\n';
  security_message(data:report);
  exit(0);
}