Test ID: 1.3.6.1.4.1.25623.1.0.801867
Category: General
Title: Apple Safari Webkit Multiple Vulnerabilities - March 2011
Summary: The host has the Apple Safari web browser installed and is prone to multiple vulnerabilities.
Description:

Vulnerability Insight:
- An error in the WebKit component when handling redirects during HTTP Basic
Authentication can be exploited to disclose the credentials to another site.

- An error in the WebKit component when handling the Attr.style accessor can
be exploited to inject an arbitrary Cascading Style Sheet (CSS) into another
document.

- A type checking error in the WebKit component when handling cached resources
can be exploited to poison the cache and prevent certain resources from
being requested.

- An error in the WebKit component when handling HTML5 drag and drop
operations across different origins can be exploited to disclose certain
content to another site.

- An error in the tracking of window origins within the WebKit component can
be exploited to disclose the content of files to a remote server.

- Input passed to the 'window.console._inspectorCommandLineAPI' property
while browsing using the Web Inspector is not properly sanitised before
being returned to the user.

Vulnerability Impact:
Successful exploitation will allow an attacker to disclose potentially
sensitive information, conduct cross-site scripting and spoofing attacks, and compromise a user's system.

Affected Software/OS:
Apple Safari versions prior to 5.0.4.

Solution:
Upgrade to Apple Safari version 5.0.4 or later.

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N

Cross-Ref:
BugTraq ID: 46808
BugTraq ID: 46811
BugTraq ID: 46814
BugTraq ID: 46816
Common Vulnerability Exposure (CVE) ID: CVE-2011-0160
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
http://www.securitytracker.com/id?1025182
Common Vulnerability Exposure (CVE) ID: CVE-2011-0161
http://www.securityfocus.com/bid/46814
XForce ISS Database: appleios-attr-code-execution(66000)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66000
Common Vulnerability Exposure (CVE) ID: CVE-2011-0163
XForce ISS Database: appleios-cache-dos(66001)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66001
Common Vulnerability Exposure (CVE) ID: CVE-2011-0166
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://www.securityfocus.com/bid/46811
http://www.securitytracker.com/id?1025183
XForce ISS Database: apple-safari-html5-info-disclosure(66004)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66004
Common Vulnerability Exposure (CVE) ID: CVE-2011-0167
http://www.securityfocus.com/bid/46816
Common Vulnerability Exposure (CVE) ID: CVE-2011-0169
BugTraq ID: 46809
http://www.securityfocus.com/bid/46809
XForce ISS Database: safari-commandlineapi-xss(66006)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66006
Copyright: Copyright (C) 2011 Greenbone Networks GmbH
