Details of VAR-200403-0022

ID

VAR-200403-0022

CVE

CVE-2004-0087

TITLE

apple's Apple Mac OS X Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2004-000761

DESCRIPTION

The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088. apple's Apple Mac OS X Exists in unspecified vulnerabilities.None. Apple has released Security Update 2004-01-26 to address multiple previously known and newly discovered security vulnerabilities in Mac OS X 10.1.x through 10.3.x. Apache is a popular WEB server program. The mod_cgid module included with Apache has issues when using the threaded MPM, which can cause data redirection to leak sensitive information or improperly authorize access. When the threaded MPM is used, mod_cgid mishandles the CGI redirect path, which can lead to incorrectly directing CGI output to the client. Mis-redirecting data can reveal sensitive information or improperly authorize access

Trust: 1.98

sources: NVD: CVE-2004-0087 // JVNDB: JVNDB-2004-000761 // BID: 9504 // VULHUB: VHN-8517

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.8	Trust: 1.6
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	10.2.8	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	-	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	10.3.2	Trust: 0.8
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1	Trust: 0.3

sources: BID: 9504 // JVNDB: JVNDB-2004-000761 // CNNVD: CNNVD-200403-038 // NVD: CVE-2004-0087

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0087
value:	LOW
Trust: 1.0
NVD:	CVE-2004-0087
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-200403-038
value:	LOW
Trust: 0.6
VULHUB:	VHN-8517
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2004-0087
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-8517
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-8517 // JVNDB: JVNDB-2004-000761 // CNNVD: CNNVD-200403-038 // NVD: CVE-2004-0087

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2004-000761 // NVD: CVE-2004-0087

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200403-038

TYPE

Unknown

Trust: 0.9

sources: BID: 9504 // CNNVD: CNNVD-200403-038

PATCH

title:

lists.apple.com (msg00000)

url:

http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html

Trust: 0.8

sources: JVNDB: JVNDB-2004-000761

EXTERNAL IDS

db:	NVD	id:	CVE-2004-0087	Trust: 3.6
db:	BID	id:	9504	Trust: 2.8
db:	OSVDB	id:	6819	Trust: 1.7
db:	JVNDB	id:	JVNDB-2004-000761	Trust: 0.8
db:	CNNVD	id:	CNNVD-200403-038	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2004-01-26	Trust: 0.6
db:	XF	id:	14997	Trust: 0.6
db:	VULHUB	id:	VHN-8517	Trust: 0.1

sources: VULHUB: VHN-8517 // BID: 9504 // JVNDB: JVNDB-2004-000761 // CNNVD: CNNVD-200403-038 // NVD: CVE-2004-0087

REFERENCES

url:	http://www.securityfocus.com/bid/9504	Trust: 2.5
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/14997	Trust: 1.9
url:	http://lists.apple.com/archives/security-announce/2004/jan/msg00000.html	Trust: 1.7
url:	http://www.osvdb.org/6819	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0087	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/14997	Trust: 0.6

sources: VULHUB: VHN-8517 // JVNDB: JVNDB-2004-000761 // CNNVD: CNNVD-200403-038 // NVD: CVE-2004-0087

CREDITS

Apache

Trust: 0.6

sources: CNNVD: CNNVD-200403-038

SOURCES

db:	VULHUB	id:	VHN-8517
db:	BID	id:	9504
db:	JVNDB	id:	JVNDB-2004-000761
db:	CNNVD	id:	CNNVD-200403-038
db:	NVD	id:	CVE-2004-0087

LAST UPDATE DATE

2024-08-14T12:37:02.635000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-8517	date:	2017-07-11T00:00:00
db:	BID	id:	9504	date:	2009-07-12T02:06:00
db:	JVNDB	id:	JVNDB-2004-000761	date:	2024-05-29T07:30:00
db:	CNNVD	id:	CNNVD-200403-038	date:	2005-10-28T00:00:00
db:	NVD	id:	CVE-2004-0087	date:	2017-07-11T01:29:53.993

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-8517	date:	2004-03-03T00:00:00
db:	BID	id:	9504	date:	2004-01-27T00:00:00
db:	JVNDB	id:	JVNDB-2004-000761	date:	2024-05-29T00:00:00
db:	CNNVD	id:	CNNVD-200403-038	date:	2003-07-18T00:00:00
db:	NVD	id:	CVE-2004-0087	date:	2004-03-03T05:00:00