| Vulnerability Name: | CVE-2004-0489 (CCN-16242) | ||||||||
| Assigned: | 2004-05-24 | ||||||||
| Published: | 2004-05-24 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | Argument injection vulnerability in the SSH URI handler for Safari on Mac OS 10.3.3 and earlier allows remote attackers to (1) execute arbitrary code via the ProxyCommand option or (2) conduct port forwarding via the -R option. | ||||||||
| CVSS v3 Severity: | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: Full-Disclosure Mailing List, Mon May 24 2004 - 10:38:18 CDT SSH URI handler remote arbitrary code execution Source: MITRE Type: CNA CVE-2004-0489 Source: FULLDISC Type: UNKNOWN 20040524 SSH URI handler remote arbitrary code execution Source: MISC Type: Exploit, Vendor Advisory http://www.insecure.ws/article.php?story=200405222251133 Source: CCN Type: Objective Devemopment Web site Little Snitch Source: CCN Type: OSVDB ID: 6535 Apple Mac OS X SSH URI Handler Code Execution Source: CCN Type: BID-10406 Apple Mac OS X SSH URI Handler Remote Code Execution Vulnerability Source: CCN Type: Unsanity Web site Paranoid Android download Source: XF Type: UNKNOWN macos-ssh-code-execution(16242) Source: XF Type: UNKNOWN macos-ssh-code-execution(16242) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||