CVE-2004-0489

Safari <10.3.3 - Command Injection

Title source: llm

Description

Argument injection vulnerability in the SSH URI handler for Safari on Mac OS 10.3.3 and earlier allows remote attackers to (1) execute arbitrary code via the ProxyCommand option or (2) conduct port forwarding via the -R option.

References (3)

[Broken Link] http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021871.html

[Exploit, Vendor Advisory] http://www.insecure.ws/article.php?story=200405222251133

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/16242

Scores

EPSS 0.1429

EPSS Percentile 94.3%

Classification

CWE

CWE-88

Status draft

Affected Products (1)

apple/mac_os_x < 10.3.3

Timeline

Published Jul 07, 2004

Tracked Since Feb 18, 2026