PT-2005-2000 · Omni Group+1 · Omniweb+2

David Remahl

Published

2005-04-18

Updated

2008-09-05

CVE-2005-0976

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions AppleWebKit (WebCore and WebKit) versions used in Safari 1.2 and OmniGroup OmniWeb 5.1

Description The issue allows remote attackers to read arbitrary files via the XMLHttpRequest Javascript component. This can be achieved by using automatically mounted disk images and file:// URLs.

Recommendations For AppleWebKit (WebCore and WebKit) versions used in Safari 1.2 and OmniGroup OmniWeb 5.1, consider disabling the XMLHttpRequest Javascript component as a temporary workaround until a patch is available. Restrict access to file:// URLs to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-0976

Affected Products

Apple Webkit

Omniweb

Safari

PT-2005-2000 · Omni Group+1 · Omniweb+2

CVE-2005-0976

Related Identifiers

Affected Products

References · 3