Details of VAR-200407-0052

ID

VAR-200407-0052

CVE

CVE-2004-0489

TITLE

apple's Apple Mac OS X Vulnerability in inserting or changing arguments in

Trust: 0.8

sources: JVNDB: JVNDB-2004-000931

DESCRIPTION

Argument injection vulnerability in the SSH URI handler for Safari on Mac OS 10.3.3 and earlier allows remote attackers to (1) execute arbitrary code via the ProxyCommand option or (2) conduct port forwarding via the -R option. apple's Apple Mac OS X Exists in a vulnerability in inserting or modifying arguments.None

Trust: 1.98

sources: NVD: CVE-2004-0489 // JVNDB: JVNDB-2004-000931 // BID: 82693 // VULHUB: VHN-8919

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.3.3	Trust: 1.0
vendor:	アップル	model:	apple mac os x	scope:	lte	version:	10.3.3 and earlier	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	-	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.3	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.3	Trust: 0.3

sources: BID: 82693 // JVNDB: JVNDB-2004-000931 // CNNVD: CNNVD-200407-029 // NVD: CVE-2004-0489

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0489
value:	HIGH
Trust: 1.0
NVD:	CVE-2004-0489
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200407-029
value:	HIGH
Trust: 0.6
VULHUB:	VHN-8919
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-0489
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-8919
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-8919 // JVNDB: JVNDB-2004-000931 // CNNVD: CNNVD-200407-029 // NVD: CVE-2004-0489

PROBLEMTYPE DATA

problemtype:	CWE-88	Trust: 1.0
problemtype:	Insert or change arguments (CWE-88) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2004-000931 // NVD: CVE-2004-0489

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200407-029

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200407-029

PATCH

title:

top page

url:

https://www.apple.com/

Trust: 0.8

sources: JVNDB: JVNDB-2004-000931

EXTERNAL IDS

db:	NVD	id:	CVE-2004-0489	Trust: 3.6
db:	XF	id:	16242	Trust: 0.9
db:	JVNDB	id:	JVNDB-2004-000931	Trust: 0.8
db:	CNNVD	id:	CNNVD-200407-029	Trust: 0.7
db:	FULLDISC	id:	20040524 SSH URI HANDLER REMOTE ARBITRARY CODE EXECUTION	Trust: 0.6
db:	BID	id:	82693	Trust: 0.4
db:	VULHUB	id:	VHN-8919	Trust: 0.1

sources: VULHUB: VHN-8919 // BID: 82693 // JVNDB: JVNDB-2004-000931 // CNNVD: CNNVD-200407-029 // NVD: CVE-2004-0489

REFERENCES

url:	http://www.insecure.ws/article.php?story=200405222251133	Trust: 2.8
url:	http://lists.grok.org.uk/pipermail/full-disclosure/2004-may/021871.html	Trust: 2.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/16242	Trust: 1.9
url:	http://xforce.iss.net/xforce/xfdb/16242	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0489	Trust: 0.8

sources: VULHUB: VHN-8919 // BID: 82693 // JVNDB: JVNDB-2004-000931 // CNNVD: CNNVD-200407-029 // NVD: CVE-2004-0489

CREDITS

Unknown

Trust: 0.3

sources: BID: 82693

SOURCES

db:	VULHUB	id:	VHN-8919
db:	BID	id:	82693
db:	JVNDB	id:	JVNDB-2004-000931
db:	CNNVD	id:	CNNVD-200407-029
db:	NVD	id:	CVE-2004-0489

LAST UPDATE DATE

2024-08-14T14:23:05.335000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-8919	date:	2017-07-11T00:00:00
db:	BID	id:	82693	date:	2004-07-07T00:00:00
db:	JVNDB	id:	JVNDB-2004-000931	date:	2024-06-07T08:58:00
db:	CNNVD	id:	CNNVD-200407-029	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-0489	date:	2024-02-13T17:52:53.730

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-8919	date:	2004-07-07T00:00:00
db:	BID	id:	82693	date:	2004-07-07T00:00:00
db:	JVNDB	id:	JVNDB-2004-000931	date:	2024-06-07T00:00:00
db:	CNNVD	id:	CNNVD-200407-029	date:	2004-07-07T00:00:00
db:	NVD	id:	CVE-2004-0489	date:	2004-07-07T04:00:00