PT-2004-1607 · Apple · Safari+1

Published: 2004-05-28 · Updated: 2024-02-13 · CVE-2004-0489

CVSS v2.0: 7.6 (High)

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Safari versions prior to 10.3.3 on Mac OS

Description

The issue concerns an argument injection vulnerability in the SSH URI handler for Safari. This vulnerability allows remote attackers to execute arbitrary code via the ProxyCommand option or conduct port forwarding via the -R option.

Recommendations

For Safari versions prior to 10.3.3 on Mac OS, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, restrict access to the SSH URI handler to minimize the risk of arbitrary code execution or port forwarding. Avoid using the ProxyCommand option and the -R option in the SSH URI handler until the issue is resolved.

Exploit

Fix

Argument Injection

Weakness Enumeration

Related Identifiers

CVE-2004-0489

Affected Products

Apple Macos
Safari