Vulnerability Name: CVE-2005-0976 (CCN-20124)
Assigned: 2005-04-16
Published: 2005-04-16
Updated: 2008-09-05
Summary: AppleWebKit (WebCore and WebKit), as used in multiple products such as Safari 1.2 and OmniGroup OmniWeb 5.1, allows remote attackers to read arbitrary files via the XMLHttpRequest JavaScript component, as demonstrated using automatically mounted disk images and file:// URLs.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
  Source: CCN Type: BugTraq Mailing List, Sat Apr 16 2005 - 01:15:21 CDT AppleWebKit XMLHttpRequest arbitrary file disclosure vulnerability
  Source: MITRE Type: CNA CVE-2005-0976
  Source: CCN Type: Apple Security Content Article 301327 About the security content of the Mac OS X 10.3.9 Update
  Source: APPLE Type: UNKNOWN APPLE-SA-2005-04-15
  Source: MISC Type: Exploit http://remahl.se/david/vuln/001/
  Source: CCN Type: Safari RSS Web site Apple - Mac OS X - Safari RSS
  Source: CCN Type: CIAC INFORMATION BULLETIN P-185 Apple Mac OS X v10.3.9 Security Update
  Source: CCN Type: US-CERT VU#998369 Apple Web Kit-based browsers may allow remote access to local filesystem contents
  Source: CCN Type: OmniWeb Web site The Omni Group - Applications - OmniWeb
  Source: CCN Type: OSVDB ID: 15637 Apple Mac OS X AppleWebKit Local Domain JavaScript Execution
  Source: CCN Type: BID-13202 Apple WebCore Framework XMLHttpRequests Remote Code Execution Vulnerability
  Source: XF Type: UNKNOWN safari-xmlhttprequest-execute-code(20124)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: