Vulnerability Name:
CVE-2009-1712 (CCN-51266)
Assigned:
2009-06-08
Published:
2009-06-08
Updated:
2017-08-17
Summary:
WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element.
CVSS v3 Severity:
7.3 High
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
Low
Availibility (A):
Low
CVSS v2 Severity:
9.3 High
(CVSS v2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
)
6.9 Medium
(Temporal CVSS v2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
7.5 High
(CCN CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
)
5.5 Medium
(CCN Temporal CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availibility (A):
Partial
Vulnerability Type:
CWE-94
Vulnerability Consequences:
Obtain Information
References:
Source: MITRE
Type: CNA
CVE-2009-1712
Source: APPLE
Type: Patch, Vendor Advisory
APPLE-SA-2009-06-08-1
Source: SUSE
Type: UNKNOWN
SUSE-SR:2011:002
Source: OSVDB
Type: UNKNOWN
55022
Source: CCN
Type: SA35379
Apple Safari Multiple Vulnerabilities
Source: SECUNIA
Type: Vendor Advisory
35379
Source: SECUNIA
Type: UNKNOWN
36790
Source: SECUNIA
Type: UNKNOWN
37746
Source: SECUNIA
Type: UNKNOWN
43068
Source: CCN
Type: SECTRACK ID: 1022345
Apple Safari Bugs Let Remote Users Execute Arbitrary Code
Source: SECTRACK
Type: Patch
1022345
Source: CCN
Type: Apple Web site
About the security content of Safari 4.0
Source: CONFIRM
Type: Patch, Vendor Advisory
http://support.apple.com/kb/HT3613
Source: DEBIAN
Type: UNKNOWN
DSA-1950
Source: DEBIAN
Type: DSA-1950
webkit -- several vulnerabilities
Source: DEBIAN
Type: DSA-1988
qt4-x11 -- several vulnerabilities
Source: CCN
Type: OSVDB ID: 55022
Apple Safari WebKit Arbitrary Local Java Applet Access
Source: BID
Type: Exploit, Patch
35260
Source: CCN
Type: BID-35260
RETIRED: Apple Safari Prior to 4.0 Multiple Security Vulnerabilities
Source: BID
Type: UNKNOWN
35350
Source: CCN
Type: BID-35350
WebKit Java Applet Remote Code Execution Vulnerability
Source: CCN
Type: USN-836-1
WebKit vulnerabilities
Source: UBUNTU
Type: UNKNOWN
USN-836-1
Source: CCN
Type: USN-857-1
Qt vulnerabilities
Source: UBUNTU
Type: UNKNOWN
USN-857-1
Source: VUPEN
Type: Patch, Vendor Advisory
ADV-2009-1522
Source: VUPEN
Type: UNKNOWN
ADV-2011-0212
Source: XF
Type: UNKNOWN
safari-applets-code-execution(51266)
Source: XF
Type: UNKNOWN
safari-applets-code-execution(51266)
Source: SUSE
Type: SUSE-SR:2011:002
SUSE Security Summary Report
Vulnerable Configuration:
Configuration 1
:
cpe:/a:apple:safari:0.8:*:mac:*:*:*:*:*
OR
cpe:/a:apple:safari:0.9:*:mac:*:*:*:*:*
OR
cpe:/a:apple:safari:1.0:*:mac:*:*:*:*:*
OR
cpe:/a:apple:safari:1.0.3:*:mac:*:*:*:*:*
OR
cpe:/a:apple:safari:1.1:*:mac:*:*:*:*:*
OR
cpe:/a:apple:safari:1.2:*:mac:*:*:*:*:*
OR
cpe:/a:apple:safari:1.3:*:mac:*:*:*:*:*
OR
cpe:/a:apple:safari:1.3.1:*:mac:*:*:*:*:*
OR
cpe:/a:apple:safari:1.3.2:*:mac:*:*:*:*:*
OR
cpe:/a:apple:safari:2.0:*:mac:*:*:*:*:*
OR
cpe:/a:apple:safari:2.0.2:*:mac:*:*:*:*:*
OR
cpe:/a:apple:safari:2.0.4:*:mac:*:*:*:*:*
OR
cpe:/a:apple:safari:3.0:*:mac:*:*:*:*:*
OR
cpe:/a:apple:safari:3.0.2:-:mac:*:*:*:*:*
OR
cpe:/a:apple:safari:3.0.3:*:mac:*:*:*:*:*
OR
cpe:/a:apple:safari:3.0.4:*:mac:*:*:*:*:*
OR
cpe:/a:apple:safari:3.1:*:mac:*:*:*:*:*
OR
cpe:/a:apple:safari:3.1.1:*:mac:*:*:*:*:*
OR
cpe:/a:apple:safari:3.1.2:*:mac:*:*:*:*:*
OR
cpe:/a:apple:safari:3.2.1:*:mac:*:*:*:*:*
OR
cpe:/a:apple:safari:3.2.3:*:mac:*:*:*:*:*
OR
cpe:/a:apple:safari:*:*:mac:*:*:*:*:*
(Version <= 4.0_beta)
Configuration 2
:
cpe:/a:apple:safari:3.0:*:windows:*:*:*:*:*
OR
cpe:/a:apple:safari:3.0.1:*:windows:*:*:*:*:*
OR
cpe:/a:apple:safari:3.0.2:*:windows:*:*:*:*:*
OR
cpe:/a:apple:safari:3.0.3:*:windows:*:*:*:*:*
OR
cpe:/a:apple:safari:3.0.4:*:windows:*:*:*:*:*
OR
cpe:/a:apple:safari:3.1:*:windows:*:*:*:*:*
OR
cpe:/a:apple:safari:3.1.1:*:windows:*:*:*:*:*
OR
cpe:/a:apple:safari:3.1.2:*:windows:*:*:*:*:*
OR
cpe:/a:apple:safari:3.2:-:windows:*:*:*:*:*
OR
cpe:/a:apple:safari:3.2.1:*:windows:*:*:*:*:*
OR
cpe:/a:apple:safari:3.2.2:*:windows:*:*:*:*:*
OR
cpe:/a:apple:safari:*:*:windows:*:*:*:*:*
(Version <= 3.2.3)
Configuration CCN 1
:
cpe:/a:apple:safari:2.0.2:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.0.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.0.2:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.0.3:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:1.3.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:1.3:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:1.2:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:1.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:1.0:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:2.0:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.0:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.0.4:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.1.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.1.2:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.2:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.2.1:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.2.2:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:1.0.3:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:1.3.2:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:0.8:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:3.2.3:*:*:*:*:*:*:*
OR
cpe:/a:apple:safari:4.0:beta:*:*:*:*:*:*
OR
cpe:/a:apple:safari:0.9:*:*:*:*:*:*:*
AND
cpe:/o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
OR
cpe:/o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
OR
cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*
OR
cpe:/o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*
OR
cpe:/o:apple:mac_os_x_server:10.5.7:*:*:*:*:*:*:*
Denotes that component is vulnerable
Oval Definitions
Definition ID
Class
Title
Last Modified
oval:org.opensuse.security:def:20091712
V
CVE-2009-1712
2015-11-16
oval:org.mitre.oval:def:13113
P
USN-836-1 -- webkit vulnerabilities
2014-06-30
oval:org.mitre.oval:def:13946
P
USN-857-1 -- qt4-x11 vulnerabilities
2014-06-30
oval:org.mitre.oval:def:19394
P
DSA-1988-1 qt4-x11 - several vulnerabilities
2014-06-23
oval:org.mitre.oval:def:6923
P
DSA-1988 qt4-x11 -- several vulnerabilities
2014-06-23
oval:org.mitre.oval:def:18395
P
DSA-1950-1 webkit - several vulnerabilities
2014-06-23
oval:org.mitre.oval:def:7247
P
DSA-1950 webkit -- several vulnerabilities
2014-06-23
oval:org.debian:def:1988
V
several vulnerabilities
2010-02-02
oval:org.debian:def:1950
V
several vulnerabilities
2009-12-12
BACK
apple
safari 0.8
apple
safari 0.9
apple
safari 1.0
apple
safari 1.0.3
apple
safari 1.1
apple
safari 1.2
apple
safari 1.3
apple
safari 1.3.1
apple
safari 1.3.2
apple
safari 2.0
apple
safari 2.0.2
apple
safari 2.0.4
apple
safari 3.0
apple
safari 3.0.2 -
apple
safari 3.0.3
apple
safari 3.0.4
apple
safari 3.1
apple
safari 3.1.1
apple
safari 3.1.2
apple
safari 3.2.1
apple
safari 3.2.3
apple
safari *
apple
safari 3.0
apple
safari 3.0.1
apple
safari 3.0.2
apple
safari 3.0.3
apple
safari 3.0.4
apple
safari 3.1
apple
safari 3.1.1
apple
safari 3.1.2
apple
safari 3.2 -
apple
safari 3.2.1
apple
safari 3.2.2
apple
safari *
apple
safari 2.0.2
apple
safari 3.0.1
apple
safari 3.0.2
apple
safari 3.0.3
apple
safari 3.1
apple
safari 1.3.1
apple
safari 1.3
apple
safari 1.2
apple
safari 1.1
apple
safari 1.0
apple
safari 2.0
apple
safari 3.0
apple
safari 3.0.4
apple
safari 3.1.1
apple
safari 3.1.2
apple
safari 3.2
apple
safari 3.2.1
apple
safari 3.2.2
apple
safari 1.0.3
apple
safari 1.3.2
apple
safari 0.8
apple
safari 3.2.3
apple
safari 4.0 beta
apple
safari 0.9
apple
mac os x 10.4.11
apple
mac os x server 10.4.11
debian
debian linux 5.0
apple
mac os x 10.5.7
apple
mac os x server 10.5.7
Denotes that component is vulnerable