Argument injection vulnerability in the SSH URI handler for Safari on Mac OS 10.3.3 and earlier allows remote attackers to (1) execute arbitrary code via the ProxyCommand option or (2) conduct port forwarding via the -R option.
                
            References
                    | Link | Resource | 
|---|---|
| http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021871.html | Broken Link | 
| http://www.insecure.ws/article.php?story=200405222251133 | Exploit Vendor Advisory | 
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16242 | Third Party Advisory VDB Entry | 
| http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021871.html | Broken Link | 
| http://www.insecure.ws/article.php?story=200405222251133 | Exploit Vendor Advisory | 
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16242 | Third Party Advisory VDB Entry | 
Configurations
                    History
                    No history.
Information
                Published : 2004-07-07 04:00
Updated : 2025-04-03 01:03
NVD link : CVE-2004-0489
Mitre link : CVE-2004-0489
CVE.ORG link : CVE-2004-0489
JSON object : View
Products Affected
                apple
- mac_os_x
CWE
                
                    
                        
                        CWE-88
                        
            Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
