Safari < 5.1.4 の複数の脆弱性
high Nessus プラグイン ID 58323
Language:
概要
リモートホストにある Web ブラウザは、複数の問題による影響を受けます。説明
リモートホストにインストールされているバージョンの Safari は、報告されているところによると、次の問題による影響を受けます。- Look-alike characters in a URL could be used to masquerade a website. (CVE-2012-0584)
- Web page visits may be recorded in browser history even when private browsing is active. (CVE-2012-0585)
- Multiple cross-site scripting issues existed in WebKit. (CVE-2011-3881, CVE-2012-0586, CVE-2012-0587, CVE-2012-0588, CVE-2012-0589)
- A cross-origin issue existed in WebKit, which may allow cookies to be disclosed across origins. (CVE-2011-3887)
- Visiting a maliciously crafted website and dragging content with the mouse may lead to a cross-site scripting attack. (CVE-2012-0590)
- WebKit に、複数のメモリ破損の問題が存在しました。
(CVE-2011-2825, CVE-2011-2833, CVE-2011-2846, CVE-2011-2847, CVE-2011-2854, CVE-2011-2855, CVE-2011-2857, CVE-2011-2860, CVE-2011-2866, CVE-2011-2867, CVE-2011-2868, CVE-2011-2869, CVE-2011-2870, CVE-2011-2871, CVE-2011-2872, CVE-2011-2873, CVE-2011-2877, CVE-2011-3885, CVE-2011-3888, CVE-2011-3897, CVE-2011-3908, CVE-2011-3909, CVE-2011-3928, CVE-2012-0591, CVE-2012-0592, CVE-2012-0593, CVE-2012-0594, CVE-2012-0595, CVE-2012-0596, CVE-2012-0597, CVE-2012-0598, CVE-2012-0599, CVE-2012-0600, CVE-2012-0601, CVE-2012-0602, CVE-2012-0603, CVE-2012-0604, CVE-2012-0605, CVE-2012-0606, CVE-2012-0607, CVE-2012-0608, CVE-2012-0609, CVE-2012-0610, CVE-2012-0611, CVE-2012-0612, CVE-2012-0613, CVE-2012-0614, CVE-2012-0615, CVE-2012-0616, CVE-2012-0617, CVE-2012-0618, CVE-2012-0619, CVE-2012-0620, CVE-2012-0621, CVE-2012-0622, CVE-2012-0623, CVE-2012-0624, CVE-2012-0625, CVE-2012-0626, CVE-2012-0627, CVE-2012-0628, CVE-2012-0629, CVE-2012-0630, CVE-2012-0631, CVE-2012-0632, CVE-2012-0633, CVE-2012-0635, CVE-2012-0636, CVE-2012-0637, CVE-2012-0638, CVE-2012-0639, CVE-2012-0648)
- Cookies may be set by third-parties, even when Safari is configured to block them. (CVE-2012-0640)
- If a site uses HTTP authentication and redirects to another site, the authentication credentials may be sent to the other site. (CVE-2012-0647)
ソリューション
Safari 5.1.4 以降にアップグレードしてください。参考資料
https://www.zerodayinitiative.com/advisories/ZDI-12-054/
https://www.zerodayinitiative.com/advisories/ZDI-12-055/
http://www.zerodayinitiative.com/advisories/ZDI-12-147/
http://seclists.org/fulldisclosure/2012/Aug/267
http://support.apple.com/kb/HT5190
http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
プラグインの詳細
深刻度: High
ID: 58323
ファイル名: safari_5_1_4.nasl
バージョン: 1.19
タイプ: local
エージェント: windows
ファミリー: Windows
公開日: 2012/3/12
更新日: 2018/11/15
サポートされているセンサー: Nessus Agent, Nessus
リスク情報
VPR
リスクファクター: High
スコア: 8.9
CVSS v2
リスクファクター: High
基本値: 9.3
現状値: 8.1
ベクトル: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
脆弱性情報
CPE: cpe:/a:apple:safari
必要な KB アイテム: SMB/Safari/FileVersion
エクスプロイトが利用可能: true
エクスプロイトの容易さ: Exploits are available
パッチ公開日: 2012/3/12
脆弱性公開日: 2012/3/12
参照情報
CVE: CVE-2011-2825, CVE-2011-2833, CVE-2011-2846, CVE-2011-2847, CVE-2011-2854, CVE-2011-2855, CVE-2011-2857, CVE-2011-2860, CVE-2011-2866, CVE-2011-2867, CVE-2011-2868, CVE-2011-2869, CVE-2011-2870, CVE-2011-2871, CVE-2011-2872, CVE-2011-2873, CVE-2011-2877, CVE-2011-3881, CVE-2011-3885, CVE-2011-3886, CVE-2011-3888, CVE-2011-3897, CVE-2011-3908, CVE-2011-3909, CVE-2011-3928, CVE-2012-0584, CVE-2012-0585, CVE-2012-0586, CVE-2012-0587, CVE-2012-0588, CVE-2012-0589, CVE-2012-0590, CVE-2012-0591, CVE-2012-0592, CVE-2012-0593, CVE-2012-0594, CVE-2012-0595, CVE-2012-0596, CVE-2012-0597, CVE-2012-0598, CVE-2012-0599, CVE-2012-0600, CVE-2012-0601, CVE-2012-0602, CVE-2012-0603, CVE-2012-0604, CVE-2012-0605, CVE-2012-0606, CVE-2012-0607, CVE-2012-0608, CVE-2012-0609, CVE-2012-0610, CVE-2012-0611, CVE-2012-0612, CVE-2012-0613, CVE-2012-0614, CVE-2012-0615, CVE-2012-0616, CVE-2012-0617, CVE-2012-0618, CVE-2012-0619, CVE-2012-0620, CVE-2012-0621, CVE-2012-0622, CVE-2012-0623, CVE-2012-0624, CVE-2012-0625, CVE-2012-0626, CVE-2012-0627, CVE-2012-0628, CVE-2012-0629, CVE-2012-0630, CVE-2012-0631, CVE-2012-0632, CVE-2012-0633, CVE-2012-0635, CVE-2012-0636, CVE-2012-0637, CVE-2012-0638, CVE-2012-0639, CVE-2012-0640, CVE-2012-0647, CVE-2012-0648
BID: 49279, 49658, 49938, 50360, 50642, 51041, 51641, 52363, 52365, 52367, 52419, 52421, 52423, 52956, 53148