cvelistv5 - cve-2008-0050

CVE-2008-0050 (GCVE-0-2008-0050)

Vulnerability from cvelistv5

Published

2008-03-18 22:00

Modified

2024-08-07 07:32

Severity ?

CWE

Summary

CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error.

References

URL

Tags

cve@mitre.org	http://docs.info.apple.com/article.html?artnum=307562
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=307563
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html	Patch
cve@mitre.org	http://secunia.com/advisories/29420
cve@mitre.org	http://secunia.com/advisories/31074
cve@mitre.org	http://www.securityfocus.com/bid/28290
cve@mitre.org	http://www.securityfocus.com/bid/28356
cve@mitre.org	http://www.securitytracker.com/id?1019655
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA08-079A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0920/references
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0924/references
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2094/references
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/41313
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=307562
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=307563
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29420
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31074
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28290
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28356
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019655
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-079A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0920/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0924/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2094/references
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/41313

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:32:24.025Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "macos-cfnetwork-502badgateway-spoofing(41313)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41313"
          },
          {
            "name": "TA08-079A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"
          },
          {
            "name": "ADV-2008-0924",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0924/references"
          },
          {
            "name": "1019655",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019655"
          },
          {
            "name": "29420",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29420"
          },
          {
            "name": "28356",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28356"
          },
          {
            "name": "APPLE-SA-2008-03-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
          },
          {
            "name": "28290",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28290"
          },
          {
            "name": "APPLE-SA-2008-07-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=307562"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=307563"
          },
          {
            "name": "ADV-2008-2094",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2094/references"
          },
          {
            "name": "ADV-2008-0920",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0920/references"
          },
          {
            "name": "31074",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31074"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-03-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "macos-cfnetwork-502badgateway-spoofing(41313)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41313"
        },
        {
          "name": "TA08-079A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"
        },
        {
          "name": "ADV-2008-0924",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0924/references"
        },
        {
          "name": "1019655",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019655"
        },
        {
          "name": "29420",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29420"
        },
        {
          "name": "28356",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28356"
        },
        {
          "name": "APPLE-SA-2008-03-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
        },
        {
          "name": "28290",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28290"
        },
        {
          "name": "APPLE-SA-2008-07-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=307562"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=307563"
        },
        {
          "name": "ADV-2008-2094",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2094/references"
        },
        {
          "name": "ADV-2008-0920",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0920/references"
        },
        {
          "name": "31074",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31074"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0050",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "macos-cfnetwork-502badgateway-spoofing(41313)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41313"
            },
            {
              "name": "TA08-079A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"
            },
            {
              "name": "ADV-2008-0924",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0924/references"
            },
            {
              "name": "1019655",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019655"
            },
            {
              "name": "29420",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29420"
            },
            {
              "name": "28356",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28356"
            },
            {
              "name": "APPLE-SA-2008-03-18",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
            },
            {
              "name": "28290",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28290"
            },
            {
              "name": "APPLE-SA-2008-07-11",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307562",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=307562"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307563",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=307563"
            },
            {
              "name": "ADV-2008-2094",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2094/references"
            },
            {
              "name": "ADV-2008-0920",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0920/references"
            },
            {
              "name": "31074",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31074"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0050",
    "datePublished": "2008-03-18T22:00:00",
    "dateReserved": "2008-01-03T00:00:00",
    "dateUpdated": "2024-08-07T07:32:24.025Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-0050\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-03-18T22:44:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error.\"},{\"lang\":\"es\",\"value\":\"CFNetwork en Apple Mac OS X versi\u00f3n 10.4.11, permite que los servidores proxy HTTPS remotos falsifiquen sitios web seguros por medio de datos en un error 502 Bad Gateway.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EE39585-CF3B-4493-96D8-B394544C7643\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D09D5933-A7D9-4A61-B863-CD8E7D5E67D8\"}]}]}],\"references\":[{\"url\":\"http://docs.info.apple.com/article.html?artnum=307562\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=307563\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/29420\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/31074\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/28290\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/28356\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1019655\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-079A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/0920/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0924/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2094/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41313\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=307562\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=307563\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/29420\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31074\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/28290\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/28356\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1019655\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-079A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/0920/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0924/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2094/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41313\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

fkie_cve-2008-0050

Vulnerability from fkie_nvd

Published

2008-03-18 22:44

Modified

2025-04-09 00:30

Severity ?

Summary

CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error.

References

URL	Tags
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=307562
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=307563
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html	Patch
cve@mitre.org	http://secunia.com/advisories/29420
cve@mitre.org	http://secunia.com/advisories/31074
cve@mitre.org	http://www.securityfocus.com/bid/28290
cve@mitre.org	http://www.securityfocus.com/bid/28356
cve@mitre.org	http://www.securitytracker.com/id?1019655
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA08-079A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0920/references
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0924/references
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2094/references
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/41313
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=307562
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=307563
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29420
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31074
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28290
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28356
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019655
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-079A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0920/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0924/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2094/references
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/41313

Impacted products

	Vendor	Product	Version
	apple	mac_os_x	10.4.11
	apple	mac_os_x_server	10.4.11

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EE39585-CF3B-4493-96D8-B394544C7643",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D09D5933-A7D9-4A61-B863-CD8E7D5E67D8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error."
    },
    {
      "lang": "es",
      "value": "CFNetwork en Apple Mac OS X versi\u00f3n 10.4.11, permite que los servidores proxy HTTPS remotos falsifiquen sitios web seguros por medio de datos en un error 502 Bad Gateway."
    }
  ],
  "id": "CVE-2008-0050",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-03-18T22:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://docs.info.apple.com/article.html?artnum=307562"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://docs.info.apple.com/article.html?artnum=307563"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29420"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31074"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/28290"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/28356"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019655"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0920/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0924/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2094/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=307562"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=307563"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29420"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28290"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28356"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019655"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0920/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0924/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2094/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41313"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-gxfr-2jpg-pvjw

Vulnerability from github

Published

2022-05-01 23:27

Modified

2022-05-01 23:27

Details

CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0050"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-03-18T22:44:00Z",
    "severity": "MODERATE"
  },
  "details": "CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error.",
  "id": "GHSA-gxfr-2jpg-pvjw",
  "modified": "2022-05-01T23:27:23Z",
  "published": "2022-05-01T23:27:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0050"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41313"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=307562"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=307563"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29420"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31074"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/28290"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/28356"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019655"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0920/references"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0924/references"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2094/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Description

De multiples vulnérabilités ont été découvertes dans le système d'exploitation Apple Mac OS X. L'exploitation de ces vulnérabilités permet à un individu malveillant diverses actions dont exécuter du code arbitaire à distance, effectuer un déni de service, contourner la politique de sécurité, élever ses privilèges et effectuer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité Apple 307562 pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	Apple Mac Os X version 10.4.11 et antérieures ;
	Apple	N/A	Apple Mac Os X version 10.5.2 et antérieures.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 307562 du 18 mars 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple Mac Os X version 10.4.11 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac Os X version 10.5.2 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le syst\u00e8me\nd\u0027exploitation Apple Mac OS X. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s\npermet \u00e0 un individu malveillant diverses actions dont ex\u00e9cuter du code\narbitaire \u00e0 distance, effectuer un d\u00e9ni de service, contourner la\npolitique de s\u00e9curit\u00e9, \u00e9lever ses privil\u00e8ges et effectuer une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Apple 307562 pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0063"
    },
    {
      "name": "CVE-2008-0060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0060"
    },
    {
      "name": "CVE-2007-3847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3847"
    },
    {
      "name": "CVE-2007-6109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6109"
    },
    {
      "name": "CVE-2007-1661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1661"
    },
    {
      "name": "CVE-2008-0882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0882"
    },
    {
      "name": "CVE-2007-6336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6336"
    },
    {
      "name": "CVE-2007-2799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2799"
    },
    {
      "name": "CVE-2006-3747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3747"
    },
    {
      "name": "CVE-2007-5000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5000"
    },
    {
      "name": "CVE-2008-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1089"
    },
    {
      "name": "CVE-2008-0005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0005"
    },
    {
      "name": "CVE-2007-4768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4768"
    },
    {
      "name": "CVE-2008-0059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0059"
    },
    {
      "name": "CVE-2008-1000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1000"
    },
    {
      "name": "CVE-2007-1660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1660"
    },
    {
      "name": "CVE-2007-4568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4568"
    },
    {
      "name": "CVE-2007-3378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3378"
    },
    {
      "name": "CVE-2008-0052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0052"
    },
    {
      "name": "CVE-2008-0990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0990"
    },
    {
      "name": "CVE-2008-0995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0995"
    },
    {
      "name": "CVE-2007-0898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0898"
    },
    {
      "name": "CVE-2007-5266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5266"
    },
    {
      "name": "CVE-2008-0055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0055"
    },
    {
      "name": "CVE-2007-1997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1997"
    },
    {
      "name": "CVE-2007-1659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1659"
    },
    {
      "name": "CVE-2007-6337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6337"
    },
    {
      "name": "CVE-2008-0044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0044"
    },
    {
      "name": "CVE-2008-0045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0045"
    },
    {
      "name": "CVE-2007-5971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5971"
    },
    {
      "name": "CVE-2008-0046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0046"
    },
    {
      "name": "CVE-2008-0047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0047"
    },
    {
      "name": "CVE-2007-6335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6335"
    },
    {
      "name": "CVE-2007-5267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5267"
    },
    {
      "name": "CVE-2007-3725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3725"
    },
    {
      "name": "CVE-2008-0054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0054"
    },
    {
      "name": "CVE-2008-0996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0996"
    },
    {
      "name": "CVE-2007-5268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5268"
    },
    {
      "name": "CVE-2007-6203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6203"
    },
    {
      "name": "CVE-2008-0051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0051"
    },
    {
      "name": "CVE-2007-3799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3799"
    },
    {
      "name": "CVE-2008-0048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0048"
    },
    {
      "name": "CVE-2007-1662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1662"
    },
    {
      "name": "CVE-2006-3334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3334"
    },
    {
      "name": "CVE-2008-0998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0998"
    },
    {
      "name": "CVE-2007-0897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0897"
    },
    {
      "name": "CVE-2008-0318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0318"
    },
    {
      "name": "CVE-2007-6429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6429"
    },
    {
      "name": "CVE-2007-4510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4510"
    },
    {
      "name": "CVE-2007-5269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5269"
    },
    {
      "name": "CVE-2007-5795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5795"
    },
    {
      "name": "CVE-2008-0006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0006"
    },
    {
      "name": "CVE-2008-0062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0062"
    },
    {
      "name": "CVE-2008-0728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0728"
    },
    {
      "name": "CVE-2007-2445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2445"
    },
    {
      "name": "CVE-2008-0049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0049"
    },
    {
      "name": "CVE-2007-1745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1745"
    },
    {
      "name": "CVE-2007-6427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6427"
    },
    {
      "name": "CVE-2008-0987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0987"
    },
    {
      "name": "CVE-2008-0993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0993"
    },
    {
      "name": "CVE-2008-0988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0988"
    },
    {
      "name": "CVE-2008-0056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0056"
    },
    {
      "name": "CVE-2008-0992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0992"
    },
    {
      "name": "CVE-2006-5793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5793"
    },
    {
      "name": "CVE-2007-6428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6428"
    },
    {
      "name": "CVE-2008-0989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0989"
    },
    {
      "name": "CVE-2005-3352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3352"
    },
    {
      "name": "CVE-2008-0053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0053"
    },
    {
      "name": "CVE-2007-4767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4767"
    },
    {
      "name": "CVE-2008-0050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0050"
    },
    {
      "name": "CVE-2007-5958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5958"
    },
    {
      "name": "CVE-2006-6481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-6481"
    },
    {
      "name": "CVE-2008-0994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0994"
    },
    {
      "name": "CVE-2007-6421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6421"
    },
    {
      "name": "CVE-2008-0058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0058"
    },
    {
      "name": "CVE-2007-4752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4752"
    },
    {
      "name": "CVE-2008-0999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0999"
    },
    {
      "name": "CVE-2007-4560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4560"
    },
    {
      "name": "CVE-2007-4990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4990"
    },
    {
      "name": "CVE-2007-4766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4766"
    },
    {
      "name": "CVE-2007-6388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6388"
    },
    {
      "name": "CVE-2008-0596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0596"
    },
    {
      "name": "CVE-2007-4887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4887"
    }
  ],
  "initial_release_date": "2008-03-19T00:00:00",
  "last_revision_date": "2008-03-19T00:00:00",
  "links": [],
  "reference": "CERTA-2008-AVI-148",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-03-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": null,
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 307562 du 18 mars 2008",
      "url": "http://docs.info.apple.com/article.html?artnum=307562"
    }
  ]
}

CERTA-2008-AVI-145

Vulnerability from certfr_avis

Plusieurs vulnérabilités permettant entre autres des attaques de type injection de code indirecte ou exécution de code arbitraire ont été corrigées dans Safari.

Description

La version 3.1 de Safari corrige plusieurs vulnérabilités affectant le navigateur d'Apple. Elles permettent de réaliser des attaques d'injection de code indirecte via un site malicieusement construit contenant du javascript. Elles permettent aussi d'exécuter du code arbitraire via l'utilisation d'une expression régulière javascript spécifiquement réalisée.

Solution

Se référer au bulletin de sécurité de Apple 307563 du 17 mars 2008 pour l'obtention des correctifs (cf. section Documentation).

Safari 3.0 et les versions antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sćurité de Apple 307563 du 17 mars 2008	None	vendor-advisory
Bulletin de sécurité Apple 307563 du 17 mars 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eSafari 3.0 et les versions ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nLa version 3.1 de Safari corrige plusieurs vuln\u00e9rabilit\u00e9s affectant le\nnavigateur d\u0027Apple. Elles permettent de r\u00e9aliser des attaques\nd\u0027injection de code indirecte via un site malicieusement construit\ncontenant du javascript. Elles permettent aussi d\u0027ex\u00e9cuter du code\narbitraire via l\u0027utilisation d\u0027une expression r\u00e9guli\u00e8re javascript\nsp\u00e9cifiquement r\u00e9alis\u00e9e.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de Apple 307563 du 17 mars 2008 pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1011"
    },
    {
      "name": "CVE-2008-1009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1009"
    },
    {
      "name": "CVE-2008-1006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1006"
    },
    {
      "name": "CVE-2008-1008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1008"
    },
    {
      "name": "CVE-2008-1010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1010"
    },
    {
      "name": "CVE-2007-4680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4680"
    },
    {
      "name": "CVE-2008-1003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1003"
    },
    {
      "name": "CVE-2008-1004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1004"
    },
    {
      "name": "CVE-2008-1005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1005"
    },
    {
      "name": "CVE-2008-1007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1007"
    },
    {
      "name": "CVE-2008-0050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0050"
    },
    {
      "name": "CVE-2008-1002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1002"
    }
  ],
  "initial_release_date": "2008-03-19T00:00:00",
  "last_revision_date": "2008-03-19T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 307563 du 17 mars 2008 :",
      "url": "http://docs.info.apple.com/article.html?artnum=307563"
    }
  ],
  "reference": "CERTA-2008-AVI-145",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-03-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s permettant entre autres des attaques de type\ninjection de code indirecte ou ex\u00e9cution de code arbitraire ont \u00e9t\u00e9\ncorrig\u00e9es dans Safari.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Safari",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u0107urit\u00e9 de Apple 307563 du 17 mars 2008",
      "url": null
    }
  ]
}

var-200803-0016

Vulnerability from variot

CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. An attacker could exploit this issue to harvest potentially sensitive information; other attacks are also possible. NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own record to better document the issue. Safari is the WEB browser bundled with the Apple family operating system by default.

Bist Du interessiert an einem neuen Job in IT-Sicherheit?

Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/

TITLE: Nucleus XML-RPC PHP Code Execution Vulnerability

SECUNIA ADVISORY ID: SA15895

VERIFY ADVISORY: http://secunia.com/advisories/15895/

CRITICAL: Highly critical

IMPACT: System access

WHERE:

From remote

SOFTWARE: Nucleus 3.x http://secunia.com/product/3699/

DESCRIPTION: A vulnerability has been reported in Nucleus, which can be exploited by malicious people to compromise a vulnerable system.

For more information: SA15852

SOLUTION: Update to version 3.21. http://sourceforge.net/project/showfiles.php?group_id=66479

OTHER REFERENCES: SA15852: http://secunia.com/advisories/15852/

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200803-0016",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.11"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.11"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "drupal",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mandriva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "pear xml rpc",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "phpxmlrpc",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "postnuke",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "serendipity",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "trustix secure linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ubuntu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "wordpress",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "xoops",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "phpmyfaq",
        "version": null
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "version"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.4.11"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.4.11"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.4"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.3"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.3"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.2"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.2"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.9"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1.4"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1.3"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1.2"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1.1"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1.4"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1.3"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1.2"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0.2"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "safari",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "ipod touch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "iphone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "db": "BID",
        "id": "28356"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-265"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0050"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:apple:iphone",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:apple:ipod_touch",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:safari",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001198"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Robert Swiecki robert@swiecki.netAdam BarthCollin Jackson collinj@cs.stanford.eduEric SeidelTavis Ormandy taviso@gentoo.orgWill Drewry wad@google.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-265"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-0050",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2008-0050",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-30175",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2008-0050",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#442845",
            "trust": 0.8,
            "value": "20.75"
          },
          {
            "author": "NVD",
            "id": "CVE-2008-0050",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200803-265",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-30175",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "db": "VULHUB",
        "id": "VHN-30175"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-265"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0050"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. \nAn attacker could exploit this issue to harvest potentially sensitive information; other attacks are also possible. \nNOTE: This vulnerability was previously covered in BID 28290 (Apple Safari Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own record to better document the issue. Safari is the WEB browser bundled with the Apple family operating system by default. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nNucleus XML-RPC PHP Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA15895\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/15895/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nNucleus 3.x\nhttp://secunia.com/product/3699/\n\nDESCRIPTION:\nA vulnerability has been reported in Nucleus, which can be exploited\nby malicious people to compromise a vulnerable system. \n\nFor more information:\nSA15852\n\nSOLUTION:\nUpdate to version 3.21. \nhttp://sourceforge.net/project/showfiles.php?group_id=66479\n\nOTHER REFERENCES:\nSA15852:\nhttp://secunia.com/advisories/15852/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-0050"
      },
      {
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001198"
      },
      {
        "db": "BID",
        "id": "28356"
      },
      {
        "db": "VULHUB",
        "id": "VHN-30175"
      },
      {
        "db": "PACKETSTORM",
        "id": "38388"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "28356",
        "trust": 2.8
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0050",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "29420",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1019655",
        "trust": 2.5
      },
      {
        "db": "USCERT",
        "id": "TA08-079A",
        "trust": 2.5
      },
      {
        "db": "SECUNIA",
        "id": "31074",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2094",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0920",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0924",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "28290",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "15895",
        "trust": 0.9
      },
      {
        "db": "SECUNIA",
        "id": "15810",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15922",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15852",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15855",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15861",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15862",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15872",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15883",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "15884",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "14088",
        "trust": 0.8
      },
      {
        "db": "SECTRACK",
        "id": "1014327",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#442845",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA08-079A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001198",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-265",
        "trust": 0.7
      },
      {
        "db": "CERT/CC",
        "id": "TA08-079A",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2008-03-18",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2008-07-11",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "502",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "41313",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-30175",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "38388",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "db": "VULHUB",
        "id": "VHN-30175"
      },
      {
        "db": "BID",
        "id": "28356"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001198"
      },
      {
        "db": "PACKETSTORM",
        "id": "38388"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-265"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0050"
      }
    ]
  },
  "id": "VAR-200803-0016",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30175"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-29T22:28:36.444000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security Update 2008-002",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT1249?viewlocale=en_US"
      },
      {
        "title": "iPhone v2.0 and iPod touch v2.0",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT2351"
      },
      {
        "title": "Safari 3.1",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT1315"
      },
      {
        "title": "Safari 3.1",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=307563-ja"
      },
      {
        "title": "Security Update 2008-002",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT1249?viewlocale=ja_JP"
      },
      {
        "title": "iPhone v2.0 and iPod touch v2.0",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT2351?viewlocale=ja_JP\u0026locale=ja_JP"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001198"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-30175"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001198"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0050"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/28356"
      },
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/cas/techalerts/ta08-079a.html"
      },
      {
        "trust": 2.5,
        "url": "http://www.securitytracker.com/id?1019655"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/29420"
      },
      {
        "trust": 2.0,
        "url": "http://docs.info.apple.com/article.html?artnum=307562"
      },
      {
        "trust": 2.0,
        "url": "http://docs.info.apple.com/article.html?artnum=307563"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2008/mar/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2008//jul/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/28290"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/31074"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/0920/references"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/0924/references"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/2094/references"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41313"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/15895/"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/15852/"
      },
      {
        "trust": 0.8,
        "url": "http://www.hardened-php.net/advisory-022005.php"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15861/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15862/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15884/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15883/"
      },
      {
        "trust": 0.8,
        "url": "http://news.postnuke.com/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=2699"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15855/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15810/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15872/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/15922/"
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/alerts/2005/jun/1014327.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.gulftech.org/?node=research\u0026article_id=00088-07022005"
      },
      {
        "trust": 0.8,
        "url": "http://www.gulftech.org/?node=research\u0026article_id=00087-07012005"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/14088"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0050"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2008/0920"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2008/0924"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta08-079a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta08-079a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0050"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa08-079a.html"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/41313"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2008/2094/references"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2008/0924/references"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2008/0920/references"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/safari/download/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3699/"
      },
      {
        "trust": 0.1,
        "url": "http://sourceforge.net/project/showfiles.php?group_id=66479"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_vacancies/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "db": "VULHUB",
        "id": "VHN-30175"
      },
      {
        "db": "BID",
        "id": "28356"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001198"
      },
      {
        "db": "PACKETSTORM",
        "id": "38388"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-265"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0050"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "db": "VULHUB",
        "id": "VHN-30175"
      },
      {
        "db": "BID",
        "id": "28356"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001198"
      },
      {
        "db": "PACKETSTORM",
        "id": "38388"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-265"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0050"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-07-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "date": "2008-03-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-30175"
      },
      {
        "date": "2008-03-18T00:00:00",
        "db": "BID",
        "id": "28356"
      },
      {
        "date": "2008-04-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001198"
      },
      {
        "date": "2005-07-01T23:31:00",
        "db": "PACKETSTORM",
        "id": "38388"
      },
      {
        "date": "2008-03-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200803-265"
      },
      {
        "date": "2008-03-18T22:44:00",
        "db": "NVD",
        "id": "CVE-2008-0050"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-03-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#442845"
      },
      {
        "date": "2017-08-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-30175"
      },
      {
        "date": "2015-05-07T18:20:00",
        "db": "BID",
        "id": "28356"
      },
      {
        "date": "2008-07-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001198"
      },
      {
        "date": "2008-10-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200803-265"
      },
      {
        "date": "2024-11-21T00:41:02.910000",
        "db": "NVD",
        "id": "CVE-2008-0050"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-265"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple PHP XML-RPC implementations vulnerable to code injection",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#442845"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-265"
      }
    ],
    "trust": 0.6
  }
}

gsd-2008-0050

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error.

Aliases

CVE-2008-0050

Aliases

CVE-2008-0050

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0050",
    "description": "CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error.",
    "id": "GSD-2008-0050"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0050"
      ],
      "details": "CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error.",
      "id": "GSD-2008-0050",
      "modified": "2023-12-13T01:22:58.204176Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-0050",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "macos-cfnetwork-502badgateway-spoofing(41313)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41313"
          },
          {
            "name": "TA08-079A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"
          },
          {
            "name": "ADV-2008-0924",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0924/references"
          },
          {
            "name": "1019655",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019655"
          },
          {
            "name": "29420",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29420"
          },
          {
            "name": "28356",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/28356"
          },
          {
            "name": "APPLE-SA-2008-03-18",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
          },
          {
            "name": "28290",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/28290"
          },
          {
            "name": "APPLE-SA-2008-07-11",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=307562",
            "refsource": "CONFIRM",
            "url": "http://docs.info.apple.com/article.html?artnum=307562"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=307563",
            "refsource": "CONFIRM",
            "url": "http://docs.info.apple.com/article.html?artnum=307563"
          },
          {
            "name": "ADV-2008-2094",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2094/references"
          },
          {
            "name": "ADV-2008-0920",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0920/references"
          },
          {
            "name": "31074",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31074"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0050"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2008-03-18",
              "refsource": "APPLE",
              "tags": [
                "Patch"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307562",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://docs.info.apple.com/article.html?artnum=307562"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307563",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://docs.info.apple.com/article.html?artnum=307563"
            },
            {
              "name": "1019655",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019655"
            },
            {
              "name": "TA08-079A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"
            },
            {
              "name": "28290",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/28290"
            },
            {
              "name": "28356",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/28356"
            },
            {
              "name": "29420",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29420"
            },
            {
              "name": "APPLE-SA-2008-07-11",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
            },
            {
              "name": "31074",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/31074"
            },
            {
              "name": "ADV-2008-0924",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0924/references"
            },
            {
              "name": "ADV-2008-0920",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0920/references"
            },
            {
              "name": "ADV-2008-2094",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2094/references"
            },
            {
              "name": "macos-cfnetwork-502badgateway-spoofing(41313)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41313"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-08T01:29Z",
      "publishedDate": "2008-03-18T22:44Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2008-0050 (GCVE-0-2008-0050)

Vulnerability from cvelistv5

fkie_cve-2008-0050

Vulnerability from fkie_nvd

ghsa-gxfr-2jpg-pvjw

Vulnerability from github

CERTA-2008-AVI-148

Vulnerability from certfr_avis

Description

Solution

CERTA-2008-AVI-145

Vulnerability from certfr_avis

Description

Solution

var-200803-0016

Vulnerability from variot

gsd-2008-0050

Vulnerability from gsd

Tags

Sightings

Nomenclature