4.3 - CVE-2008-4818

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	CVE-2008-4818	First vendor Publication	2008-11-10
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score	4.3	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4818

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type	Description	Count
Application	Adobe Flash Player cpe:2.3:a:adobe:flash_player:9.0.9.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.8.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.48.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.47.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.45.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.31.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.31:::::::* cpe:2.3:a:adobe:flash_player:9.0.28.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.28.0::mac_os_x::::: cpe:2.3:a:adobe:flash_player:9.0.28:::::::* cpe:2.3:a:adobe:flash_player:9.0.20.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.20:::::::* cpe:2.3:a:adobe:flash_player:9.0.18d60:::::::* cpe:2.3:a:adobe:flash_player:9.0.16.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.16::windows::::: cpe:2.3:a:adobe:flash_player:9.0.16:::::::* cpe:2.3:a:adobe:flash_player:9.0.124.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.115.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.114.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.112.0:::::::* cpe:2.3:a:adobe:flash_player:9.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.42.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.39.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.35.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.34.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.33.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.24.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.22.0:::::::* cpe:2.3:a:adobe:flash_player:8.0:::::::* cpe:2.3:a:adobe:flash_player:8.0::basic::::: cpe:2.3:a:adobe:flash_player:8.0::pro::::: cpe:2.3:a:adobe:flash_player:8::pro::::: cpe:2.3:a:adobe:flash_player:8::professional::::: cpe:2.3:a:adobe:flash_player:7.2:::::::* cpe:2.3:a:adobe:flash_player:7.1.1:::::::* cpe:2.3:a:adobe:flash_player:7.1:::::::* cpe:2.3:a:adobe:flash_player:7.0.73.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.70.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.69.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.68.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.67.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.66.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.63:::::::* cpe:2.3:a:adobe:flash_player:7.0.63::linux::::: cpe:2.3:a:adobe:flash_player:7.0.61.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.60.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.53.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.25:::::::* cpe:2.3:a:adobe:flash_player:7.0.24.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.19.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.14.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.1:::::::* cpe:2.3:a:adobe:flash_player:7.0_r67::solaris::::: cpe:2.3:a:adobe:flash_player:7.0_r67:::::::* cpe:2.3:a:adobe:flash_player:7.0:::::::* cpe:2.3:a:adobe:flash_player:6.0.79:::::::* cpe:2.3:a:adobe:flash_player:6.0.21.0:::::::* cpe:2.3:a:adobe:flash_player:6:::::::* cpe:2.3:a:adobe:flash_player:5:::::::* cpe:2.3:a:adobe:flash_player:4:::::::* cpe:2.3:a:adobe:flash_player:3:::::::* cpe:2.3:a:adobe:flash_player:2:::::::* cpe:2.3:a:adobe:flash_player:mx_2004:::::::* cpe:2.3:a:adobe:flash_player:cs4::pro::::: cpe:2.3:a:adobe:flash_player:cs3::professional::::: cpe:2.3:a:adobe:flash_player:cs3::pro::::: cpe:2.3:a:adobe:flash_player:::basic:::::* cpe:2.3:a:adobe:flash_player:::pro:::::* cpe:2.3:a:adobe:flash_player:::::::: cpe:2.3:a:adobe:flash_player::::::edge::* cpe:2.3:a:adobe:flash_player::::::internet_explorer_11::* cpe:2.3:a:adobe:flash_player::::::chrome::* cpe:2.3:a:adobe:flash_player:-:::::::*	73

OpenVAS Exploits

Date	Description
2009-11-17	Name : Mac OS X Version File : nvt/macosx_version.nasl
2009-03-13	Name : Gentoo Security Advisory GLSA 200903-23 (netscape-flash) File : nvt/glsa_200903_23.nasl
2008-11-12	Name : Adobe Flash Player Multiple Vulnerabilities - Nov08 (Linux) File : nvt/gb_adobe_flash_player_mult_vuln_nov08_lin.nasl
2008-11-12	Name : Adobe Flash Player Multiple Vulnerabilities - Nov08 (Win) File : nvt/gb_adobe_flash_player_mult_vuln_nov08_win.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
49753	Adobe Flash Player HTTP Response Header XSS

Nessus® Vulnerability Scanner

Date	Description
2013-01-24	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0945.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0980.nasl - Type : ACT_GATHER_INFO
2009-03-11	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200903-23.nasl - Type : ACT_GATHER_INFO
2008-12-16	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_6.nasl - Type : ACT_GATHER_INFO
2008-12-16	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-008.nasl - Type : ACT_GATHER_INFO
2008-11-18	Name : The remote Windows host contains a runtime environment that is affected by mu... File : adobe_air_apsb08-23.nasl - Type : ACT_GATHER_INFO
2008-11-11	Name : The remote Windows host contains a browser plugin that is affected by multipl... File : flash_player_apsb08-20.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html
http://secunia.com/advisories/32702
http://secunia.com/advisories/33179
http://secunia.com/advisories/33390
http://secunia.com/advisories/34226
http://security.gentoo.org/glsa/glsa-200903-23.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
http://support.apple.com/kb/HT3338
http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256...
http://www.adobe.com/support/security/bulletins/apsb08-20.html
http://www.redhat.com/support/errata/RHSA-2008-0980.html
http://www.securityfocus.com/bid/32129
http://www.securitytracker.com/id?1021146
http://www.us-cert.gov/cas/techalerts/TA08-350A.html
http://www.vupen.com/english/advisories/2008/3444
https://exchange.xforce.ibmcloud.com/vulnerabilities/46531

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 23:13:03	Multiple Updates
2024-11-28 12:16:54	Multiple Updates
2021-05-04 12:08:17	Multiple Updates
2021-04-22 01:08:38	Multiple Updates
2020-05-24 01:04:57	Multiple Updates
2020-05-23 00:22:30	Multiple Updates
2018-10-31 00:19:54	Multiple Updates
2018-10-30 12:02:39	Multiple Updates
2018-03-06 12:01:53	Multiple Updates
2017-08-08 09:24:29	Multiple Updates
2016-06-28 17:19:42	Multiple Updates
2016-04-26 17:58:18	Multiple Updates
2014-02-17 10:47:05	Multiple Updates
2013-05-11 00:29:25	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	73
Sources(s)	18
osvdb(s)	1
Openvas Exploit(s)	4
Nessus® Exploit(s)	7

	Related
10	TA08-350A
10	SUN-248586
10	RHSA-2008:0980
10	GLSA-200903-23
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 4 more Alert(s)