Details of VAR-200403-0031

ID

VAR-200403-0031

CVE

CVE-2004-0092

TITLE

apple's Apple Mac OS X Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2004-000764

DESCRIPTION

Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact. apple's Apple Mac OS X Exists in unspecified vulnerabilities.None. Apple has released Security Update 2004-01-26 to address multiple previously known and newly discovered security vulnerabilities in Mac OS X 10.1.x through 10.3.x. Apache is a popular WEB server program. The mod_cgid module included with Apache has issues when using the threaded MPM, which can cause data redirection to leak sensitive information or improperly authorize access. When the threaded MPM is used, mod_cgid mishandles the CGI redirect path, which can lead to incorrectly directing CGI output to the client. Mis-redirecting data can reveal sensitive information or improperly authorize access

Trust: 1.98

sources: NVD: CVE-2004-0092 // JVNDB: JVNDB-2004-000764 // BID: 9504 // VULHUB: VHN-8522

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.2.8	Trust: 1.6
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	10.2.8	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	-	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	10.3.2	Trust: 0.8
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1	Trust: 0.3

sources: BID: 9504 // JVNDB: JVNDB-2004-000764 // CNNVD: CNNVD-200403-039 // NVD: CVE-2004-0092

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0092
value:	HIGH
Trust: 1.0
NVD:	CVE-2004-0092
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200403-039
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-8522
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-0092
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-8522
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-8522 // JVNDB: JVNDB-2004-000764 // CNNVD: CNNVD-200403-039 // NVD: CVE-2004-0092

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2004-000764 // NVD: CVE-2004-0092

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200403-039

TYPE

Unknown

Trust: 0.9

sources: BID: 9504 // CNNVD: CNNVD-200403-039

PATCH

title:

lists.apple.com (msg00000)

url:

http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html

Trust: 0.8

sources: JVNDB: JVNDB-2004-000764

EXTERNAL IDS

db:	NVD	id:	CVE-2004-0092	Trust: 3.6
db:	BID	id:	9504	Trust: 2.8
db:	JVNDB	id:	JVNDB-2004-000764	Trust: 0.8
db:	CNNVD	id:	CNNVD-200403-039	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2004-01-26	Trust: 0.6
db:	VULHUB	id:	VHN-8522	Trust: 0.1

sources: VULHUB: VHN-8522 // BID: 9504 // JVNDB: JVNDB-2004-000764 // CNNVD: CNNVD-200403-039 // NVD: CVE-2004-0092

REFERENCES

url:	http://www.securityfocus.com/bid/9504	Trust: 2.5
url:	http://lists.apple.com/archives/security-announce/2004/jan/msg00000.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0092	Trust: 0.8

sources: VULHUB: VHN-8522 // JVNDB: JVNDB-2004-000764 // CNNVD: CNNVD-200403-039 // NVD: CVE-2004-0092

CREDITS

Apache

Trust: 0.6

sources: CNNVD: CNNVD-200403-039

SOURCES

db:	VULHUB	id:	VHN-8522
db:	BID	id:	9504
db:	JVNDB	id:	JVNDB-2004-000764
db:	CNNVD	id:	CNNVD-200403-039
db:	NVD	id:	CVE-2004-0092

LAST UPDATE DATE

2024-08-14T12:32:33.404000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-8522	date:	2008-09-10T00:00:00
db:	BID	id:	9504	date:	2009-07-12T02:06:00
db:	JVNDB	id:	JVNDB-2004-000764	date:	2024-05-29T08:04:00
db:	CNNVD	id:	CNNVD-200403-039	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-0092	date:	2008-09-10T19:25:06.587

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-8522	date:	2004-03-03T00:00:00
db:	BID	id:	9504	date:	2004-01-27T00:00:00
db:	JVNDB	id:	JVNDB-2004-000764	date:	2024-05-29T00:00:00
db:	CNNVD	id:	CNNVD-200403-039	date:	2003-07-18T00:00:00
db:	NVD	id:	CVE-2004-0092	date:	2004-03-03T05:00:00