Argument injection vulnerability in the SSH URI handler for Safari on Mac OS 10.3.3 and earlier allows remote attackers to (1) execute arbitrary code via the ProxyCommand option or (2) conduct port forwarding via the -R option.
References
Link | Resource |
---|---|
http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021871.html | Broken Link |
http://www.insecure.ws/article.php?story=200405222251133 | Exploit Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/16242 | Third Party Advisory VDB Entry |
Configurations
History
13 Feb 2024, 17:52
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* | |
CWE | CWE-88 | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/16242 - Third Party Advisory, VDB Entry | |
References | (FULLDISC) http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021871.html - Broken Link |
Information
Published : 2004-07-07 04:00
Updated : 2024-02-28 10:24
NVD link : CVE-2004-0489
Mitre link : CVE-2004-0489
CVE.ORG link : CVE-2004-0489
JSON object : View
Products Affected
apple
- mac_os_x
CWE
CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')