Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2004-0489

High

7.6/10

Summary

Argument injection vulnerability in the SSH URI handler for Safari on Mac OS 10.3.3 and earlier allows remote attackers to (1) execute arbitrary code via the ProxyCommand option or (2) conduct port forwarding via the -R option.

Access Complexity: HIGH
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: COMPLETE
Confidentiality Impact: COMPLETE
Availability Impact: COMPLETE

CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

The software constructs a string for a command to executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

References

Advisory Timeline

Published Jul 07, 2004

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVE-2004-0489

Summary

CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS