
Test ID: 1.3.6.1.4.1.25623.1.0.900889
Category: General
Title: Apple Safari Multiple Vulnerabilities - Nov09
Summary: This host has Apple Safari installed and is prone to multiple vulnerabilities.
Description:
Summary:
This host has Apple Safari installed and is prone to multiple
vulnerabilities.

Vulnerability Insight:
- An error exists in WebKit when sending 'preflight' requests originating
from a page in a different origin. This can be exploited to facilitate
cross-site request forgery attacks by injecting custom HTTP headers.

- An error exists when handling an 'Open Image in New Tab', 'Open Image in
New Window', or 'Open Link in New Tab' shortcut menu action performed on
a link to a local file. This can be exploited to load a local HTML file
and disclose sensitive information by tricking a user into performing the
affected actions within a specially crafted webpage.

- Multiple errors in WebKit when handling FTP directory listings can be
exploited to disclose sensitive information.

Vulnerability Impact:
Successful exploitation could allow attackers to bypass certain security
restrictions, disclose sensitive information, or compromise a user's system.

Affected Software/OS:
Apple Safari versions prior to 4.0.4.

Solution:
Upgrade to Safari version 4.0.4 or the latest version.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-reference: BugTraq ID: 36997
BugTraq ID: 36994
BugTraq ID: 36995
Common Vulnerability Exposure (CVE) ID: CVE-2009-2816
http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
http://www.securityfocus.com/bid/36997
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00545.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00549.html
http://osvdb.org/59940
http://osvdb.org/59967
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6516
http://www.securitytracker.com/id?1023165
http://secunia.com/advisories/37346
http://secunia.com/advisories/37358
http://secunia.com/advisories/37393
http://secunia.com/advisories/37397
http://secunia.com/advisories/43068
SuSE Security Announcement: SUSE-SR:2011:002
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://www.vupen.com/english/advisories/2009/3217
http://www.vupen.com/english/advisories/2009/3233
http://www.vupen.com/english/advisories/2011/0212
XForce ISS Database: safari-crossorigin-csrf(54239)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54239
Common Vulnerability Exposure (CVE) ID: CVE-2009-2842
http://www.securityfocus.com/bid/36994
http://osvdb.org/59942
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5915
http://www.securitytracker.com/id?1023164
XForce ISS Database: safari-menu-options-info-disclosure(54238)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54238
Common Vulnerability Exposure (CVE) ID: CVE-2009-3384
http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html
http://www.securityfocus.com/bid/36995
http://osvdb.org/59943
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6362
http://www.securitytracker.com/id?1023166
XForce ISS Database: safari-ftp-code-execution(54241)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54241
Copyright: Copyright (C) 2009 Greenbone Networks GmbH





© 1998-2024 E-Soft Inc. All rights reserved.