CVE-2009-0123 - Vulnerability Details - OpenCVE

Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors related to the association of Safari with the (1) feed, (2) feeds, and (3) feedsearch URL types for RSS feeds. NOTE: as of 20090114, the only disclosure is a vague pre-advisory. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X Safari
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:mac_os_x:10.5:::::::*
	cpe:2.3:o:microsoft:windows::::::::

No data.

References

Link	Providers
http://brian.mastenbrook.net/display/27
http://isc.sans.org/diary.html?storyid=5689
http://secunia.com/advisories/33458
http://www.securityfocus.com/bid/33234
http://www.securitytracker.com/id?1021581
https://exchange.xforce.ibmcloud.com/vulnerabilities/47917

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-01-15T17:00:00

Updated: 2024-08-07T04:24:17.541Z

Reserved: 2009-01-15T00:00:00

Link: CVE-2009-0123

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-01-15T17:30:00.500

Modified: 2024-11-21T00:59:06.283

Link: CVE-2009-0123

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-01-11T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors related to the association of Safari with the (1) feed, (2) feeds, and (3) feedsearch URL types for RSS feeds. NOTE: as of 20090114, the only disclosure is a vague pre-advisory. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1021581", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1021581"}, {"tags": ["x_refsource_MISC"], "url": "http://isc.sans.org/diary.html?storyid=5689"}, {"name": "33458", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33458"}, {"name": "safari-rss-feed-info-disclosure(47917)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47917"}, {"name": "33234", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33234"}, {"tags": ["x_refsource_MISC"], "url": "http://brian.mastenbrook.net/display/27"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0123", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors related to the association of Safari with the (1) feed, (2) feeds, and (3) feedsearch URL types for RSS feeds. NOTE: as of 20090114, the only disclosure is a vague pre-advisory. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1021581", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021581"}, {"name": "http://isc.sans.org/diary.html?storyid=5689", "refsource": "MISC", "url": "http://isc.sans.org/diary.html?storyid=5689"}, {"name": "33458", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33458"}, {"name": "safari-rss-feed-info-disclosure(47917)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47917"}, {"name": "33234", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33234"}, {"name": "http://brian.mastenbrook.net/display/27", "refsource": "MISC", "url": "http://brian.mastenbrook.net/display/27"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:24:17.541Z"}, "title": "CVE Program Container", "references": [{"name": "1021581", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1021581"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://isc.sans.org/diary.html?storyid=5689"}, {"name": "33458", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33458"}, {"name": "safari-rss-feed-info-disclosure(47917)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47917"}, {"name": "33234", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/33234"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://brian.mastenbrook.net/display/27"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0123", "datePublished": "2009-01-15T17:00:00", "dateReserved": "2009-01-15T00:00:00", "dateUpdated": "2024-08-07T04:24:17.541Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE370CAA-04B3-434E-BD5B-1D87DE596C10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2442D35-7484-43D8-9077-3FDF63104816", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors related to the association of Safari with the (1) feed, (2) feeds, and (3) feedsearch URL types for RSS feeds. NOTE: as of 20090114, the only disclosure is a vague pre-advisory. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes."}, {"lang": "es", "value": "Vulnerabilidad inespec\u00edfica en Apple Safari en Mac OS X v10.5 y Windows permitir\u00eda a atacantes remotos leer ficheros de su elecci\u00f3n en un cliente a trav\u00e9s de vectores relacionados con la asociaci\u00f3n de Safari con (1) suscripci\u00f3n (2) suscripciones y (3) b\u00fasqueda de suscripciones de tipo URL para suscripci\u00f3n de RSS. NOTA: Hasta el 14-01-2009 solo se ha revelado un preaviso vago. Sin embargo, debido a que proviene de un conocido desarrollador se le esta asignando un identificador CVE con la finalidad de su seguimiento."}], "id": "CVE-2009-0123", "lastModified": "2024-11-21T00:59:06.283", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.1, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-01-15T17:30:00.500", "references": [{"source": "cve@mitre.org", "url": "http://brian.mastenbrook.net/display/27"}, {"source": "cve@mitre.org", "url": "http://isc.sans.org/diary.html?storyid=5689"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/33458"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/33234"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1021581"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47917"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://brian.mastenbrook.net/display/27"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://isc.sans.org/diary.html?storyid=5689"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33458"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/33234"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1021581"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47917"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}