CVE-2004-0489

Argument injection vulnerability in the SSH URI handler for Safari on Mac OS 10.3.3 and earlier allows remote attackers to (1) execute arbitrary code via the ProxyCommand option or (2) conduct port forwarding via the -R option.
Configurations

Configuration 1 (hide)

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

History

20 Nov 2024, 23:48

Type Values Removed Values Added
References () http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021871.html - Broken Link () http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021871.html - Broken Link
References () http://www.insecure.ws/article.php?story=200405222251133 - Exploit, Vendor Advisory () http://www.insecure.ws/article.php?story=200405222251133 - Exploit, Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/16242 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/16242 - Third Party Advisory, VDB Entry

13 Feb 2024, 17:52

Type Values Removed Values Added
CPE cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
CWE NVD-CWE-Other CWE-88
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/16242 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/16242 - Third Party Advisory, VDB Entry
References (FULLDISC) http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021871.html - (FULLDISC) http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021871.html - Broken Link

Information

Published : 2004-07-07 04:00

Updated : 2024-11-20 23:48


NVD link : CVE-2004-0489

Mitre link : CVE-2004-0489

CVE.ORG link : CVE-2004-0489


JSON object : View

Products Affected

apple

  • mac_os_x
CWE
CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')