PT-2005-2000 · Omni Group+1 · Omniweb+2

David Remahl

Publicado

2005-04-18

Atualizado

2008-09-05

CVE-2005-0976

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions AppleWebKit (WebCore and WebKit) versions used in Safari 1.2 and OmniGroup OmniWeb 5.1

Description The issue allows remote attackers to read arbitrary files via the XMLHttpRequest Javascript component. This can be achieved by using automatically mounted disk images and file:// URLs.

Recommendations For AppleWebKit (WebCore and WebKit) versions used in Safari 1.2 and OmniGroup OmniWeb 5.1, consider disabling the XMLHttpRequest Javascript component as a temporary workaround until a patch is available. Restrict access to file:// URLs to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2005-0976

Produtos afetados

Apple Webkit

Omniweb

Safari

PT-2005-2000 · Omni Group+1 · Omniweb+2

CVE-2005-0976

Identificadores relacionados

Produtos afetados

Referências · 3