This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Apple
First view: 2010-02-18
Product: Webkit
Last view: 2010-08-19
Version: r51280
Type: Application
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:apple:webkit

Related : CVE

CVSS Date Alert Description
10 2010-08-19 CVE-2010-1760

loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150.

10 2010-08-19 CVE-2010-1386

page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357.

9.3 2010-02-18 CVE-2010-0659

The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size.

4.3 2010-02-18 CVE-2010-0656

WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document.

4.3 2010-02-18 CVE-2010-0651

WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.

9.3 2010-02-18 CVE-2010-0647

WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a > sequence.

CWE : Common Weakness Enumeration

% id Name
33% (2) CWE-200 Information Exposure
16% (1) CWE-399 Resource Management Errors
16% (1) CWE-264 Permissions, Privileges, and Access Controls
16% (1) CWE-255 Credentials Management
16% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')

Open Source Vulnerability Database (OSVDB)

id Description
67296 WebKit WebCore loader/DocumentThreadableLoader.cpp XMLHttpRequest Implementat...
67295 WebKit WebCore page/Geolocation.cpp lastPosition Function Access Restriction ...
62462 Google Chrome WebKit Image Decoder Sandbox Malformed GIF File Arbitrary Code ...
62317 Google Chrome ruby Tag Handling Arbitrary Code Execution
62308 Google Chrome WebKit Directory Listing XMLHttpRequests Information Disclosure
62307 Google Chrome WebKit CSS Stylesheet Cross-origin Information Disclosure

OpenVAS Exploits

Date Description
2011-03-07 Name : Mandriva Update for webkit MDVSA-2011:039 (webkit)
File : nvt/gb_mandriva_MDVSA_2011_039.nasl
2011-02-18 Name : Fedora Update for webkitgtk FEDORA-2011-1224
File : nvt/gb_fedora_2011_1224_webkitgtk_fc13.nasl
2011-01-11 Name : Fedora Update for webkitgtk FEDORA-2011-0121
File : nvt/gb_fedora_2011_0121_webkitgtk_fc13.nasl
2010-10-22 Name : Fedora Update for webkitgtk FEDORA-2010-15957
File : nvt/gb_fedora_2010_15957_webkitgtk_fc13.nasl
2010-10-22 Name : Fedora Update for webkitgtk FEDORA-2010-15982
File : nvt/gb_fedora_2010_15982_webkitgtk_fc12.nasl
2010-10-22 Name : Ubuntu Update for webkit vulnerabilities USN-1006-1
File : nvt/gb_ubuntu_USN_1006_1.nasl
2010-09-22 Name : Fedora Update for webkitgtk FEDORA-2010-14409
File : nvt/gb_fedora_2010_14409_webkitgtk_fc13.nasl
2010-09-22 Name : Fedora Update for webkitgtk FEDORA-2010-14419
File : nvt/gb_fedora_2010_14419_webkitgtk_fc12.nasl
2010-07-22 Name : FreeBSD Ports: webkit-gtk2
File : nvt/freebsd_webkit-gtk2.nasl
2010-07-16 Name : Fedora Update for qt FEDORA-2010-11011
File : nvt/gb_fedora_2010_11011_qt_fc13.nasl
2010-07-16 Name : Fedora Update for qt FEDORA-2010-11020
File : nvt/gb_fedora_2010_11020_qt_fc12.nasl
2010-05-17 Name : Fedora Update for qt FEDORA-2010-8360
File : nvt/gb_fedora_2010_8360_qt_fc12.nasl
2010-05-17 Name : Fedora Update for qt FEDORA-2010-8379
File : nvt/gb_fedora_2010_8379_qt_fc11.nasl
2010-03-31 Name : Fedora Update for qt FEDORA-2010-4524
File : nvt/gb_fedora_2010_4524_qt_fc11.nasl
2010-03-31 Name : Fedora Update for qt FEDORA-2010-4518
File : nvt/gb_fedora_2010_4518_qt_fc12.nasl
2010-02-22 Name : Google Chrome Multiple Vulnerabilities - (Win)
File : nvt/secpod_google_chrome_mult_vuln_win01.nasl
2010-02-22 Name : Google Chrome Multiple Vulnerabilities - (Windows)
File : nvt/secpod_google_chrome_mult_vuln_win02.nasl

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_libwebkit-100723.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_libwebkit-110104.nasl - Type: ACT_GATHER_INFO
2011-05-05 Name: The remote openSUSE host is missing a security update.
File: suse_11_2_libwebkit-110111.nasl - Type: ACT_GATHER_INFO
2011-03-03 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2011-039.nasl - Type: ACT_GATHER_INFO
2010-10-20 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-1006-1.nasl - Type: ACT_GATHER_INFO
2010-09-21 Name: The remote Fedora host is missing a security update.
File: fedora_2010-14419.nasl - Type: ACT_GATHER_INFO
2010-09-16 Name: The remote Fedora host is missing a security update.
File: fedora_2010-14409.nasl - Type: ACT_GATHER_INFO
2010-07-19 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_19419b3b92bd11dfb1400015f2db7bde.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-4518.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-4521.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-4524.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-8360.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-8379.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-8423.nasl - Type: ACT_GATHER_INFO
2010-02-11 Name: The remote host contains a web browser that is affected by multiple vulnerabi...
File: google_chrome_4_0_249_89.nasl - Type: ACT_GATHER_INFO
2010-01-26 Name: The remote host contains a web browser that is affected by multiple vulnerabi...
File: google_chrome_4_0_249_78.nasl - Type: ACT_GATHER_INFO