Test ID: | 1.3.6.1.4.1.25623.1.0.801867 |
Category: | General |
Title: | Apple Safari Webkit Multiple Vulnerabilities - March 2011 |
Summary: | The host is installed with Apple Safari web browser and is prone to multiple vulnerabilities. |
Description: | Summary: The host is installed with Apple Safari web browser and is prone to multiple vulnerabilities.

Vulnerability Insight:
- An error in the WebKit component when handling redirects during HTTP Basic Authentication can be exploited to disclose the credentials to another site.
- An error in the WebKit component when handling the Attr.style accessor can be exploited to inject an arbitrary Cascading Style Sheet (CSS) into another document.
- A type checking error in the WebKit component when handling cached resources can be exploited to poison the cache and prevent certain resources from being requested.
- An error in the WebKit component when handling HTML5 drag and drop operations across different origins can be exploited to disclose certain content to another site.
- An error in the tracking of window origins within the WebKit component can be exploited to disclose the content of files to a remote server.
- Input passed to the 'window.console._inspectorCommandLineAPI' property while browsing using the Web Inspector is not properly sanitised before being returned to the user.

Vulnerability Impact: Successful exploitation will allow an attacker to disclose potentially sensitive information, conduct cross-site scripting and spoofing attacks, and compromise a user's system.

Affected Software/OS: Apple Safari versions prior to 5.0.4.

Solution: Upgrade to Apple Safari version 5.0.4 or later.

CVSS Score: 5.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N |
Cross-Ref: |
BugTraq ID: 46808
BugTraq ID: 46811
BugTraq ID: 46814
BugTraq ID: 46816

Common Vulnerability Exposure (CVE) ID: CVE-2011-0160
- http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
- http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
- http://www.securitytracker.com/id?1025182

Common Vulnerability Exposure (CVE) ID: CVE-2011-0161
- http://www.securityfocus.com/bid/46814
- XForce ISS Database: appleios-attr-code-execution(66000)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66000

Common Vulnerability Exposure (CVE) ID: CVE-2011-0163
- XForce ISS Database: appleios-cache-dos(66001)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66001

Common Vulnerability Exposure (CVE) ID: CVE-2011-0166
- http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
- http://www.securityfocus.com/bid/46811
- http://www.securitytracker.com/id?1025183
- XForce ISS Database: apple-safari-html5-info-disclosure(66004)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66004

Common Vulnerability Exposure (CVE) ID: CVE-2011-0167
- http://www.securityfocus.com/bid/46816

Common Vulnerability Exposure (CVE) ID: CVE-2011-0169
- BugTraq ID: 46809
- http://www.securityfocus.com/bid/46809
- XForce ISS Database: safari-commandlineapi-xss(66006)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66006 |
Copyright | Copyright (C) 2011 Greenbone Networks GmbH |