Details of VAR-200403-0020

ID

VAR-200403-0020

CVE

CVE-2004-0085

TITLE

apple's Apple Mac OS X Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2004-000758

DESCRIPTION

Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and 10.2.8 with unknown impact, a different vulnerability than CVE-2004-0086. apple's Apple Mac OS X Exists in unspecified vulnerabilities.None. Apple has released Security Update 2004-01-26 to address multiple previously known and newly discovered security vulnerabilities in Mac OS X 10.1.x through 10.3.x. Apache is a popular WEB server program. The mod_cgid module included with Apache has issues when using the threaded MPM, which can cause data redirection to leak sensitive information or improperly authorize access. When the threaded MPM is used, mod_cgid mishandles the CGI redirect path, which can lead to incorrectly directing CGI output to the client. Mis-redirecting data can reveal sensitive information or improperly authorize access

Trust: 1.98

sources: NVD: CVE-2004-0085 // JVNDB: JVNDB-2004-000758 // BID: 9504 // VULHUB: VHN-8515

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.1.5	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.8	Trust: 1.6
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	10.2.8	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	-	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	10.1.5	Trust: 0.8
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1	Trust: 0.3

sources: BID: 9504 // JVNDB: JVNDB-2004-000758 // CNNVD: CNNVD-200403-001 // NVD: CVE-2004-0085

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0085
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2004-0085
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200403-001
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-8515
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2004-0085
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-8515
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-8515 // JVNDB: JVNDB-2004-000758 // CNNVD: CNNVD-200403-001 // NVD: CVE-2004-0085

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2004-000758 // NVD: CVE-2004-0085

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200403-001

TYPE

Unknown

Trust: 0.9

sources: BID: 9504 // CNNVD: CNNVD-200403-001

PATCH

title:

lists.apple.com (msg00000)

url:

http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html

Trust: 0.8

sources: JVNDB: JVNDB-2004-000758

EXTERNAL IDS

db:	NVD	id:	CVE-2004-0085	Trust: 3.6
db:	BID	id:	9504	Trust: 2.8
db:	JVNDB	id:	JVNDB-2004-000758	Trust: 0.8
db:	CNNVD	id:	CNNVD-200403-001	Trust: 0.7
db:	XF	id:	14992	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2004-01-26	Trust: 0.6
db:	VULHUB	id:	VHN-8515	Trust: 0.1

sources: VULHUB: VHN-8515 // BID: 9504 // JVNDB: JVNDB-2004-000758 // CNNVD: CNNVD-200403-001 // NVD: CVE-2004-0085

REFERENCES

url:	http://www.securityfocus.com/bid/9504	Trust: 2.5
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/14992	Trust: 1.9
url:	http://lists.apple.com/archives/security-announce/2004/jan/msg00000.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0085	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/14992	Trust: 0.6

sources: VULHUB: VHN-8515 // JVNDB: JVNDB-2004-000758 // CNNVD: CNNVD-200403-001 // NVD: CVE-2004-0085

CREDITS

Apache

Trust: 0.6

sources: CNNVD: CNNVD-200403-001

SOURCES

db:	VULHUB	id:	VHN-8515
db:	BID	id:	9504
db:	JVNDB	id:	JVNDB-2004-000758
db:	CNNVD	id:	CNNVD-200403-001
db:	NVD	id:	CVE-2004-0085

LAST UPDATE DATE

2024-08-14T12:06:38.055000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-8515	date:	2017-07-11T00:00:00
db:	BID	id:	9504	date:	2009-07-12T02:06:00
db:	JVNDB	id:	JVNDB-2004-000758	date:	2024-05-29T06:28:00
db:	CNNVD	id:	CNNVD-200403-001	date:	2005-10-28T00:00:00
db:	NVD	id:	CVE-2004-0085	date:	2017-07-11T01:29:53.917

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-8515	date:	2004-03-03T00:00:00
db:	BID	id:	9504	date:	2004-01-27T00:00:00
db:	JVNDB	id:	JVNDB-2004-000758	date:	2024-05-29T00:00:00
db:	CNNVD	id:	CNNVD-200403-001	date:	2003-07-18T00:00:00
db:	NVD	id:	CVE-2004-0085	date:	2004-03-03T05:00:00