Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2009-3384 | First vendor Publication | 2009-11-13 |
| Vendor | Cve | Last vendor Modification | 2017-09-19 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3384 |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:22986 | |||
| Oval ID: | oval:org.mitre.oval:def:22986 | ||
| Title: | ELSA-2009:1530: firefox security update (Critical) | ||
| Description: | Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:1530-01 CVE-2009-1563 CVE-2009-3274 CVE-2009-3370 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3380 CVE-2009-3382 CVE-2009-3384 | Version: | 49 |
| Platform(s): | Oracle Linux 5 | Product(s): | firefox nspr xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29230 | |||
| Oval ID: | oval:org.mitre.oval:def:29230 | ||
| Title: | RHSA-2009:1530 -- firefox security update (Critical) | ||
| Description: | Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime (NSPR). A flaw was found in the way Firefox handles form history. A malicious web page could steal saved form data by synthesizing input events, causing the browser to auto-fill form fields (which could then be read by an attacker). (CVE-2009-3370) | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:1530 CVE-2009-0689 CVE-2009-1563 CVE-2009-3274 CVE-2009-3370 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3380 CVE-2009-3382 CVE-2009-3384 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 | Product(s): | firefox nspr xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6362 | |||
| Oval ID: | oval:org.mitre.oval:def:6362 | ||
| Title: | WebKit in Apple Safari Multiple Unspecified Vulnerabilities. | ||
| Description: | Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3384 | Version: | 5 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 | Product(s): | Apple Safari |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-11-17 | Name : Fedora Core 12 FEDORA-2009-11487 (qt) File : nvt/fcore_2009_11487.nasl |
| 2009-11-17 | Name : Fedora Core 10 FEDORA-2009-11488 (qt) File : nvt/fcore_2009_11488.nasl |
| 2009-11-17 | Name : Fedora Core 11 FEDORA-2009-11491 (qt) File : nvt/fcore_2009_11491.nasl |
| 2009-11-17 | Name : Apple Safari Multiple Vulnerabilities - Nov09 File : nvt/secpod_apple_safari_mult_vuln_nov09.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 59943 | Apple Safari WebKit FTP Directory Listing Handling Arbitrary Code Execution |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libwebkit-110104.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1531.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1530.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libwebkit-110111.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
| 2010-03-29 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO |
| 2010-03-19 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
| 2009-11-16 | Name : The remote Fedora host is missing a security update. File : fedora_2009-11487.nasl - Type : ACT_GATHER_INFO |
| 2009-11-16 | Name : The remote Fedora host is missing a security update. File : fedora_2009-11488.nasl - Type : ACT_GATHER_INFO |
| 2009-11-16 | Name : The remote Fedora host is missing a security update. File : fedora_2009-11491.nasl - Type : ACT_GATHER_INFO |
| 2009-11-12 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_4_0_4.nasl - Type : ACT_GATHER_INFO |
| 2009-10-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1530.nasl - Type : ACT_GATHER_INFO |
| 2009-10-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1531.nasl - Type : ACT_GATHER_INFO |
| 2009-10-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1530.nasl - Type : ACT_GATHER_INFO |
| 2009-10-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1531.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2021-04-10 12:05:40 |
|
| 2020-05-23 01:40:54 |
|
| 2020-05-23 00:24:22 |
|
| 2017-11-29 12:03:06 |
|
| 2017-11-23 12:03:08 |
|
| 2017-09-19 09:23:25 |
|
| 2017-08-17 09:22:43 |
|
| 2016-06-28 17:50:37 |
|
| 2016-04-26 19:09:02 |
|
| 2014-06-14 13:28:18 |
|
| 2014-02-17 10:51:45 |
|
| 2013-05-10 23:58:03 |
|
