Details of VAR-200403-0023

ID

VAR-200403-0023

CVE

CVE-2004-0088

TITLE

apple's Apple Mac OS X Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2004-000760

DESCRIPTION

The System Configuration subsystem in Mac OS 10.2.8 allows local users to modify network settings, a different vulnerability than CVE-2004-0087. apple's Apple Mac OS X Exists in unspecified vulnerabilities.None. Apple has released Security Update 2004-01-26 to address multiple previously known and newly discovered security vulnerabilities in Mac OS X 10.1.x through 10.3.x. Apache is a popular WEB server program. The mod_cgid module included with Apache has issues when using the threaded MPM, which can cause data redirection to leak sensitive information or improperly authorize access. When the threaded MPM is used, mod_cgid mishandles the CGI redirect path, which can lead to incorrectly directing CGI output to the client. Mis-redirecting data can reveal sensitive information or improperly authorize access

Trust: 1.98

sources: NVD: CVE-2004-0088 // JVNDB: JVNDB-2004-000760 // BID: 9504 // VULHUB: VHN-8518

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.8	Trust: 1.6
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	10.2.8	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	-	Trust: 0.8
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1	Trust: 0.3

sources: BID: 9504 // JVNDB: JVNDB-2004-000760 // CNNVD: CNNVD-200403-007 // NVD: CVE-2004-0088

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0088
value:	LOW
Trust: 1.0
NVD:	CVE-2004-0088
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-200403-007
value:	LOW
Trust: 0.6
VULHUB:	VHN-8518
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2004-0088
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-8518
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-8518 // JVNDB: JVNDB-2004-000760 // CNNVD: CNNVD-200403-007 // NVD: CVE-2004-0088

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2004-000760 // NVD: CVE-2004-0088

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200403-007

TYPE

Unknown

Trust: 0.9

sources: BID: 9504 // CNNVD: CNNVD-200403-007

PATCH

title:

lists.apple.com (msg00000)

url:

http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html

Trust: 0.8

sources: JVNDB: JVNDB-2004-000760

EXTERNAL IDS

db:	NVD	id:	CVE-2004-0088	Trust: 3.6
db:	BID	id:	9504	Trust: 2.8
db:	OSVDB	id:	6820	Trust: 1.7
db:	JVNDB	id:	JVNDB-2004-000760	Trust: 0.8
db:	CNNVD	id:	CNNVD-200403-007	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2004-01-26	Trust: 0.6
db:	VULHUB	id:	VHN-8518	Trust: 0.1

sources: VULHUB: VHN-8518 // BID: 9504 // JVNDB: JVNDB-2004-000760 // CNNVD: CNNVD-200403-007 // NVD: CVE-2004-0088

REFERENCES

url:	http://www.securityfocus.com/bid/9504	Trust: 2.5
url:	http://lists.apple.com/archives/security-announce/2004/jan/msg00000.html	Trust: 1.7
url:	http://www.osvdb.org/6820	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0088	Trust: 0.8

sources: VULHUB: VHN-8518 // JVNDB: JVNDB-2004-000760 // CNNVD: CNNVD-200403-007 // NVD: CVE-2004-0088

CREDITS

Apache

Trust: 0.6

sources: CNNVD: CNNVD-200403-007

SOURCES

db:	VULHUB	id:	VHN-8518
db:	BID	id:	9504
db:	JVNDB	id:	JVNDB-2004-000760
db:	CNNVD	id:	CNNVD-200403-007
db:	NVD	id:	CVE-2004-0088

LAST UPDATE DATE

2024-08-14T12:04:21.660000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-8518	date:	2008-09-10T00:00:00
db:	BID	id:	9504	date:	2009-07-12T02:06:00
db:	JVNDB	id:	JVNDB-2004-000760	date:	2024-05-29T07:30:00
db:	CNNVD	id:	CNNVD-200403-007	date:	2005-10-28T00:00:00
db:	NVD	id:	CVE-2004-0088	date:	2008-09-10T19:25:05.977

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-8518	date:	2004-03-03T00:00:00
db:	BID	id:	9504	date:	2004-01-27T00:00:00
db:	JVNDB	id:	JVNDB-2004-000760	date:	2024-05-29T00:00:00
db:	CNNVD	id:	CNNVD-200403-007	date:	2003-07-18T00:00:00
db:	NVD	id:	CVE-2004-0088	date:	2004-03-03T05:00:00