cvelistv5 - CVE-2009-2816

CVE-2009-2816 (GCVE-0-2009-2816)

Vulnerability from cvelistv5

Published

2009-11-13 15:00

Modified

2024-08-07 06:07

Severity ?

CWE

Summary

References

URL

Tags

cve@mitre.org	http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html	Mailing List, Patch, Vendor Advisory
cve@mitre.org	http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html	Mailing List, Vendor Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html	Third Party Advisory
cve@mitre.org	http://osvdb.org/59940	Broken Link
cve@mitre.org	http://osvdb.org/59967	Broken Link
cve@mitre.org	http://secunia.com/advisories/37346	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/37358	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/37393	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/37397	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/43068	Third Party Advisory
cve@mitre.org	http://support.apple.com/kb/HT3949	Patch, Vendor Advisory
cve@mitre.org	http://support.apple.com/kb/HT4225	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/36997	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id?1023165	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.vupen.com/english/advisories/2009/3217	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2009/3233	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2011/0212	Vendor Advisory
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=525789	Issue Tracking, Third Party Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/54239	Third Party Advisory, VDB Entry
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6516	Third Party Advisory
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00545.html	Third Party Advisory
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00549.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html	Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/59940	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/59967	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37346	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37358	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37393	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37397	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43068	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3949	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4225	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/36997	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1023165	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/3217	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/3233	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0212	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=525789	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/54239	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6516	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00545.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00549.html	Third Party Advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:07:36.976Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "43068",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43068"
          },
          {
            "name": "ADV-2009-3233",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3233"
          },
          {
            "name": "APPLE-SA-2009-11-11-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html"
          },
          {
            "name": "ADV-2009-3217",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3217"
          },
          {
            "name": "ADV-2011-0212",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0212"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4225"
          },
          {
            "name": "FEDORA-2009-11487",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00545.html"
          },
          {
            "name": "59967",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/59967"
          },
          {
            "name": "36997",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36997"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3949"
          },
          {
            "name": "1023165",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023165"
          },
          {
            "name": "oval:org.mitre.oval:def:6516",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6516"
          },
          {
            "name": "SUSE-SR:2011:002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
          },
          {
            "name": "safari-crossorigin-csrf(54239)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54239"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=525789"
          },
          {
            "name": "FEDORA-2009-11491",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00549.html"
          },
          {
            "name": "37358",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37358"
          },
          {
            "name": "59940",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/59940"
          },
          {
            "name": "37397",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37397"
          },
          {
            "name": "37393",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37393"
          },
          {
            "name": "APPLE-SA-2010-06-21-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
          },
          {
            "name": "37346",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37346"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "43068",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43068"
        },
        {
          "name": "ADV-2009-3233",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3233"
        },
        {
          "name": "APPLE-SA-2009-11-11-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html"
        },
        {
          "name": "ADV-2009-3217",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3217"
        },
        {
          "name": "ADV-2011-0212",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0212"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4225"
        },
        {
          "name": "FEDORA-2009-11487",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00545.html"
        },
        {
          "name": "59967",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/59967"
        },
        {
          "name": "36997",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36997"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3949"
        },
        {
          "name": "1023165",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023165"
        },
        {
          "name": "oval:org.mitre.oval:def:6516",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6516"
        },
        {
          "name": "SUSE-SR:2011:002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
        },
        {
          "name": "safari-crossorigin-csrf(54239)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54239"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=525789"
        },
        {
          "name": "FEDORA-2009-11491",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00549.html"
        },
        {
          "name": "37358",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37358"
        },
        {
          "name": "59940",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/59940"
        },
        {
          "name": "37397",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37397"
        },
        {
          "name": "37393",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37393"
        },
        {
          "name": "APPLE-SA-2010-06-21-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
        },
        {
          "name": "37346",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37346"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2816",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "43068",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43068"
            },
            {
              "name": "ADV-2009-3233",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3233"
            },
            {
              "name": "APPLE-SA-2009-11-11-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html"
            },
            {
              "name": "ADV-2009-3217",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3217"
            },
            {
              "name": "ADV-2011-0212",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0212"
            },
            {
              "name": "http://support.apple.com/kb/HT4225",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4225"
            },
            {
              "name": "FEDORA-2009-11487",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00545.html"
            },
            {
              "name": "59967",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/59967"
            },
            {
              "name": "36997",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36997"
            },
            {
              "name": "http://support.apple.com/kb/HT3949",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3949"
            },
            {
              "name": "1023165",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1023165"
            },
            {
              "name": "oval:org.mitre.oval:def:6516",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6516"
            },
            {
              "name": "SUSE-SR:2011:002",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
            },
            {
              "name": "safari-crossorigin-csrf(54239)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54239"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=525789",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=525789"
            },
            {
              "name": "FEDORA-2009-11491",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00549.html"
            },
            {
              "name": "37358",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37358"
            },
            {
              "name": "59940",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/59940"
            },
            {
              "name": "37397",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37397"
            },
            {
              "name": "37393",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37393"
            },
            {
              "name": "APPLE-SA-2010-06-21-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
            },
            {
              "name": "37346",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37346"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2816",
    "datePublished": "2009-11-13T15:00:00",
    "dateReserved": "2009-08-17T00:00:00",
    "dateUpdated": "2024-08-07T06:07:36.976Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-2816\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-11-13T15:30:00.563\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.\"},{\"lang\":\"es\",\"value\":\"La implementaci\u00f3n de Cross-Origin Resource Sharing (CORS) en WebKit, tal como es usado en Safari de Apple anterior a versi\u00f3n 4.0.4 y Chrome de Google anterior a versi\u00f3n 3.0.195.33, incluye ciertos encabezados HTTP personalizados en la petici\u00f3n OPTIONS durante operaciones entre or\u00edgenes con comprobaci\u00f3n previa, lo que facilita a los atacantes remotos conducir ataques de  tipo cross-site request forgery (CSRF) por medio de una p\u00e1gina web especialmente dise\u00f1ada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.0.4\",\"matchCriteriaId\":\"77BC4840-8A34-40F9-873B-DF0F4CADCBDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.0.195.33\",\"matchCriteriaId\":\"56C129DC-11E1-4710-B0F1-E0AF5AF6F6F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.0\",\"matchCriteriaId\":\"73DE6E60-6BDD-450C-B7E2-744A0183A2DD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5646FDE9-CF21-46A9-B89D-F5BBDB4249AF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3BB5EDB-520B-4DEF-B06E-65CA13152824\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E44669D7-6C1E-4844-B78A-73E253A7CC17\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://osvdb.org/59940\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://osvdb.org/59967\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/37346\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/37358\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/37393\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/37397\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/43068\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT3949\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4225\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/36997\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1023165\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/3217\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/3233\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0212\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=525789\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/54239\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6516\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00545.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00549.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://osvdb.org/59940\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://osvdb.org/59967\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/37346\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/37358\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/37393\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/37397\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/43068\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT3949\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4225\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/36997\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1023165\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/3217\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/3233\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0212\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=525789\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/54239\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6516\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00545.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00549.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

CERTA-2009-AVI-496

Vulnerability from certfr_avis

De multiples vulnérabilités dans Apple Safari permettent entre autres l'exécution de code arbitraire à distance.

Description

Plusieurs vulnérabilités ont été identifiées dans le navigateur Apple Safari. Leur exploitation permet notamment à une personne malintentionnée d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Safari versions antérieures à 4.0.4 sur Microsoft Windows et Apple Mac OS X.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT3949 du 11 novembre 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eSafari versions ant\u00e9rieures \u00e0 4.0.4 sur Microsoft Windows et  Apple Mac OS X.\u003c/P\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le navigateur Apple\nSafari. Leur exploitation permet notamment \u00e0 une personne\nmalintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2804"
    },
    {
      "name": "CVE-2009-2416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
    },
    {
      "name": "CVE-2009-2842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2842"
    },
    {
      "name": "CVE-2009-2414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
    },
    {
      "name": "CVE-2009-2816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2816"
    },
    {
      "name": "CVE-2009-3384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3384"
    },
    {
      "name": "CVE-2009-2841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2841"
    }
  ],
  "initial_release_date": "2009-11-12T00:00:00",
  "last_revision_date": "2009-11-12T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-496",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-11-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans Apple Safari permettent entre autres\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s de Apple Safari",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3949 du 11 novembre 2009",
      "url": "http://docs.info.apple.com/article.html?artnum=HT3949"
    }
  ]
}

CERTA-2009-AVI-500

Vulnerability from certfr_avis

Une vulnérabilité dans Google Chrome permet à un utilisateur malveillant de contourner la politique de sécurité.

Description

La gestion des en-têtes HTTP envoyés par Google Chrome lors de l'accès à des ressources partagées entre domaines permet de contourner la politique de sécurité. En particulier, elle facilite les injections de requêtes illégitimes par rebond (CSRF).

Solution

Mettre à jour en version 3.0.195.33.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Google Chrome 3.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de mise à jour Google du 12 novembre 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cSPAN class=\"textit\"\u003eGoogle  Chrome\u003c/SPAN\u003e 3.x.",
  "content": "## Description\n\nLa gestion des en-t\u00eates HTTP envoy\u00e9s par Google Chrome lors de l\u0027acc\u00e8s \u00e0\ndes ressources partag\u00e9es entre domaines permet de contourner la\npolitique de s\u00e9curit\u00e9. En particulier, elle facilite les injections de\nrequ\u00eates ill\u00e9gitimes par rebond (CSRF).\n\n## Solution\n\nMettre \u00e0 jour en version 3.0.195.33.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2816"
    }
  ],
  "initial_release_date": "2009-11-13T00:00:00",
  "last_revision_date": "2009-11-13T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-500",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-11-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans \u003cspan class=\"textit\"\u003eGoogle Chrome\u003c/span\u003e permet\n\u00e0 un utilisateur malveillant de contourner la politique de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Google Chrome",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de mise \u00e0 jour Google du 12 novembre 2009",
      "url": "http://googlechromereleases.blogspot.com/2009/11/stable-update-fix-google-chrome-not.html"
    }
  ]
}

CERTA-2010-AVI-280

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Apple iOS.

Description

Plusieurs vulnérabilités, dont certaines permettent l'exécution de code arbitraire à distance, ont été corrigées dans le système d'exploitation Apple iOS.

Solution

Mettre à jour en version iOS 4.0.

Apple iOS 3.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4225 du 21 juin 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eApple iOS 3.x.\u003c/P\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s, dont certaines permettent l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance, ont \u00e9t\u00e9 corrig\u00e9es dans le syst\u00e8me d\u0027exploitation\nApple iOS.\n\n## Solution\n\nMettre \u00e0 jour en version iOS 4.0.\n",
  "cves": [
    {
      "name": "CVE-2010-1408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1408"
    },
    {
      "name": "CVE-2010-1407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1407"
    },
    {
      "name": "CVE-2010-0046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0046"
    },
    {
      "name": "CVE-2009-2195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2195"
    },
    {
      "name": "CVE-2010-1751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1751"
    },
    {
      "name": "CVE-2009-1723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1723"
    },
    {
      "name": "CVE-2010-1387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1387"
    },
    {
      "name": "CVE-2010-1769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1769"
    },
    {
      "name": "CVE-2010-1390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1390"
    },
    {
      "name": "CVE-2010-1418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1418"
    },
    {
      "name": "CVE-2010-0043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0043"
    },
    {
      "name": "CVE-2010-1403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1403"
    },
    {
      "name": "CVE-2010-1402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1402"
    },
    {
      "name": "CVE-2010-1414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1414"
    },
    {
      "name": "CVE-2010-1400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1400"
    },
    {
      "name": "CVE-2010-1752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1752"
    },
    {
      "name": "CVE-2010-1753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1753"
    },
    {
      "name": "CVE-2010-0042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0042"
    },
    {
      "name": "CVE-2010-1774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1774"
    },
    {
      "name": "CVE-2010-1391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1391"
    },
    {
      "name": "CVE-2010-1396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1396"
    },
    {
      "name": "CVE-2010-1398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1398"
    },
    {
      "name": "CVE-2010-1761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1761"
    },
    {
      "name": "CVE-2010-0041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0041"
    },
    {
      "name": "CVE-2010-1762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1762"
    },
    {
      "name": "CVE-2010-1399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1399"
    },
    {
      "name": "CVE-2010-1410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1410"
    },
    {
      "name": "CVE-2010-0053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0053"
    },
    {
      "name": "CVE-2010-0050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0050"
    },
    {
      "name": "CVE-2010-0544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0544"
    },
    {
      "name": "CVE-2010-1416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1416"
    },
    {
      "name": "CVE-2010-1409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1409"
    },
    {
      "name": "CVE-2010-0047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0047"
    },
    {
      "name": "CVE-2010-0049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0049"
    },
    {
      "name": "CVE-2010-1394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1394"
    },
    {
      "name": "CVE-2010-1405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1405"
    },
    {
      "name": "CVE-2010-1756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1756"
    },
    {
      "name": "CVE-2010-0051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0051"
    },
    {
      "name": "CVE-2010-1395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1395"
    },
    {
      "name": "CVE-2010-1757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1757"
    },
    {
      "name": "CVE-2010-1404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1404"
    },
    {
      "name": "CVE-2010-0052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0052"
    },
    {
      "name": "CVE-2010-1758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1758"
    },
    {
      "name": "CVE-2009-0689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0689"
    },
    {
      "name": "CVE-2010-1406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1406"
    },
    {
      "name": "CVE-2010-1755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1755"
    },
    {
      "name": "CVE-2010-1413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1413"
    },
    {
      "name": "CVE-2010-1397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1397"
    },
    {
      "name": "CVE-2010-1415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1415"
    },
    {
      "name": "CVE-2010-1393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1393"
    },
    {
      "name": "CVE-2010-1401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1401"
    },
    {
      "name": "CVE-2010-1775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1775"
    },
    {
      "name": "CVE-2010-1754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1754"
    },
    {
      "name": "CVE-2009-2816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2816"
    },
    {
      "name": "CVE-2010-0054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0054"
    },
    {
      "name": "CVE-2010-1759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1759"
    },
    {
      "name": "CVE-2010-1389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1389"
    },
    {
      "name": "CVE-2010-1417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1417"
    },
    {
      "name": "CVE-2010-1392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1392"
    },
    {
      "name": "CVE-2010-1119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1119"
    },
    {
      "name": "CVE-2010-1384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1384"
    }
  ],
  "initial_release_date": "2010-06-22T00:00:00",
  "last_revision_date": "2010-06-22T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-280",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-06-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Apple iOS.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4225 du 21 juin 2010",
      "url": "http://support.apple.com/kb/HT4225"
    }
  ]
}

fkie_cve-2009-2816

Vulnerability from fkie_nvd

Published

2009-11-13 15:30

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html	Mailing List, Patch, Vendor Advisory
cve@mitre.org	http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html	Mailing List, Vendor Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html	Third Party Advisory
cve@mitre.org	http://osvdb.org/59940	Broken Link
cve@mitre.org	http://osvdb.org/59967	Broken Link
cve@mitre.org	http://secunia.com/advisories/37346	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/37358	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/37393	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/37397	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/43068	Third Party Advisory
cve@mitre.org	http://support.apple.com/kb/HT3949	Patch, Vendor Advisory
cve@mitre.org	http://support.apple.com/kb/HT4225	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/36997	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id?1023165	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.vupen.com/english/advisories/2009/3217	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2009/3233	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2011/0212	Vendor Advisory
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=525789	Issue Tracking, Third Party Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/54239	Third Party Advisory, VDB Entry
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6516	Third Party Advisory
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00545.html	Third Party Advisory
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00549.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html	Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/59940	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/59967	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37346	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37358	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37393	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37397	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43068	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3949	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4225	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/36997	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1023165	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/3217	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/3233	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0212	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=525789	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/54239	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6516	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00545.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00549.html	Third Party Advisory

Impacted products

Vendor	Product	Version
apple	safari	*
google	chrome	*
apple	iphone_os	*
opensuse	opensuse	11.2
opensuse	opensuse	11.3
fedoraproject	fedora	11
fedoraproject	fedora	12

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77BC4840-8A34-40F9-873B-DF0F4CADCBDD",
              "versionEndExcluding": "4.0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "56C129DC-11E1-4710-B0F1-E0AF5AF6F6F7",
              "versionEndExcluding": "3.0.195.33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73DE6E60-6BDD-450C-B7E2-744A0183A2DD",
              "versionEndExcluding": "4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5646FDE9-CF21-46A9-B89D-F5BBDB4249AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3BB5EDB-520B-4DEF-B06E-65CA13152824",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E44669D7-6C1E-4844-B78A-73E253A7CC17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n de Cross-Origin Resource Sharing (CORS) en WebKit, tal como es usado en Safari de Apple anterior a versi\u00f3n 4.0.4 y Chrome de Google anterior a versi\u00f3n 3.0.195.33, incluye ciertos encabezados HTTP personalizados en la petici\u00f3n OPTIONS durante operaciones entre or\u00edgenes con comprobaci\u00f3n previa, lo que facilita a los atacantes remotos conducir ataques de  tipo cross-site request forgery (CSRF) por medio de una p\u00e1gina web especialmente dise\u00f1ada."
    }
  ],
  "id": "CVE-2009-2816",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-11-13T15:30:00.563",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/59940"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/59967"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/37346"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/37358"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/37393"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/37397"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/43068"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3949"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4225"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/36997"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1023165"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3217"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3233"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0212"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=525789"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54239"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6516"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00545.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00549.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/59940"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/59967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/37346"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/37358"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/37393"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/37397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/43068"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3949"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/36997"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1023165"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3217"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3233"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=525789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6516"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00545.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00549.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2009-2816

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2009-2816

Aliases

CVE-2009-2816

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-2816",
    "description": "The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.",
    "id": "GSD-2009-2816",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-2816.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-2816"
      ],
      "details": "The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.",
      "id": "GSD-2009-2816",
      "modified": "2023-12-13T01:19:46.075578Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-2816",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "43068",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/43068"
          },
          {
            "name": "ADV-2009-3233",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/3233"
          },
          {
            "name": "APPLE-SA-2009-11-11-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html"
          },
          {
            "name": "ADV-2009-3217",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/3217"
          },
          {
            "name": "ADV-2011-0212",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0212"
          },
          {
            "name": "http://support.apple.com/kb/HT4225",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT4225"
          },
          {
            "name": "FEDORA-2009-11487",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00545.html"
          },
          {
            "name": "59967",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/59967"
          },
          {
            "name": "36997",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/36997"
          },
          {
            "name": "http://support.apple.com/kb/HT3949",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT3949"
          },
          {
            "name": "1023165",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1023165"
          },
          {
            "name": "oval:org.mitre.oval:def:6516",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6516"
          },
          {
            "name": "SUSE-SR:2011:002",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
          },
          {
            "name": "safari-crossorigin-csrf(54239)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54239"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=525789",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=525789"
          },
          {
            "name": "FEDORA-2009-11491",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00549.html"
          },
          {
            "name": "37358",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/37358"
          },
          {
            "name": "59940",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/59940"
          },
          {
            "name": "37397",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/37397"
          },
          {
            "name": "37393",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/37393"
          },
          {
            "name": "APPLE-SA-2010-06-21-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
          },
          {
            "name": "37346",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/37346"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.0.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.0.195.33",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2816"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.apple.com/kb/HT3949",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT3949"
            },
            {
              "name": "APPLE-SA-2009-11-11-1",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=525789",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=525789"
            },
            {
              "name": "FEDORA-2009-11487",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00545.html"
            },
            {
              "name": "FEDORA-2009-11491",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00549.html"
            },
            {
              "name": "37346",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/37346"
            },
            {
              "name": "ADV-2009-3217",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3217"
            },
            {
              "name": "36997",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/36997"
            },
            {
              "name": "37358",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/37358"
            },
            {
              "name": "ADV-2009-3233",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3233"
            },
            {
              "name": "37397",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/37397"
            },
            {
              "name": "59940",
              "refsource": "OSVDB",
              "tags": [
                "Broken Link"
              ],
              "url": "http://osvdb.org/59940"
            },
            {
              "name": "59967",
              "refsource": "OSVDB",
              "tags": [
                "Broken Link"
              ],
              "url": "http://osvdb.org/59967"
            },
            {
              "name": "1023165",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id?1023165"
            },
            {
              "name": "37393",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/37393"
            },
            {
              "name": "http://support.apple.com/kb/HT4225",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT4225"
            },
            {
              "name": "APPLE-SA-2010-06-21-1",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
            },
            {
              "name": "43068",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/43068"
            },
            {
              "name": "ADV-2011-0212",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0212"
            },
            {
              "name": "SUSE-SR:2011:002",
              "refsource": "SUSE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
            },
            {
              "name": "safari-crossorigin-csrf(54239)",
              "refsource": "XF",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54239"
            },
            {
              "name": "oval:org.mitre.oval:def:6516",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6516"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2021-11-08T21:43Z",
      "publishedDate": "2009-11-13T15:30Z"
    }
  }
}

ghsa-2wxv-94xf-vqv2

Vulnerability from github

Published

2022-05-02 03:38

Modified

2022-05-02 03:38

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-2816"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-11-13T15:30:00Z",
    "severity": "MODERATE"
  },
  "details": "The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.",
  "id": "GHSA-2wxv-94xf-vqv2",
  "modified": "2022-05-02T03:38:54Z",
  "published": "2022-05-02T03:38:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2816"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=525789"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54239"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6516"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00545.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00549.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/59940"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/59967"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37346"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37358"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37393"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37397"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43068"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3949"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4225"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/36997"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1023165"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/3217"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/3233"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0212"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

var-200911-0397

Vulnerability from variot

The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page. Apple Safari Used in etc. WebKit is prone to a vulnerability that lets attackers bypass the same-origin policy. Attackers can exploit this issue to access resources from another origin in the context of another domain. This can facilitate cross-site request-forgery attacks. ----------------------------------------------------------------------

Do you have VARM strategy implemented?

(Vulnerability Assessment Remediation Management)

If not, then implement it through the most reliable vulnerability intelligence source on the market.

Implement it through Secunia.

For more information visit: http://secunia.com/advisories/business_solutions/

Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com

TITLE: Apple Safari Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA37346

VERIFY ADVISORY: http://secunia.com/advisories/37346/

DESCRIPTION: Some vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, or compromise a user's system.

1) An integer overflow error when processing ColorSync profiles embedded in images can be exploited to potentially execute arbitrary code.

For more information see vulnerability #4 in: SA36701

2) An error exists when handling an "Open Image in New Tab", "Open Image in New Window", or "Open Link in New Tab" shortcut menu action performed on a link to a local file. This can be exploited to load a local HTML file and disclose sensitive information by tricking a user into performing the affected actions within a specially crafted webpage.

3) An error exists in WebKit when sending "preflight" requests originating from a page in a different origin.

4) Multiple errors in WebKit when handling FTP directory listings on Windows can be exploited to disclose sensitive information, cause a crash, or potentially execute arbitrary code.

5) An error in WebKit when handling an HTML 5 Media Element on Mac OS X can be exploited to bypass remote image loading restrictions via e.g. HTML-formatted emails.

NOTE: Some errors leading to crashes, caused by the included libxml2 library, have also been reported.

SOLUTION: Update to version 4.0.4.

PROVIDED AND/OR DISCOVERED BY: 1-3, 5) Reported by the vendor. 4) The vendor credits Michal Zalewski of Google Inc.

ORIGINAL ADVISORY: http://support.apple.com/kb/HT3949

OTHER REFERENCES: SA36701: http://secunia.com/advisories/36701/

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

This is related to vulnerability #3 in: SA37346

The security issue is reported in versions prior to 3.0.195.33.

For more information: SA37346

SOLUTION: Do not browse untrusted sites with an application using Qt components based on WebKit. ----------------------------------------------------------------------

Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).

Request a free trial: http://secunia.com/products/corporate/vim/

TITLE: SUSE update for Multiple Packages

SECUNIA ADVISORY ID: SA43068

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43068/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43068

RELEASE DATE: 2011-01-25

DISCUSS ADVISORY: http://secunia.com/advisories/43068/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/43068/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=43068

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: SUSE has issued an update for multiple packages, which fixes multiple vulnerabilities

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200911-0397",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "safari",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "apple",
        "version": "4.0.4"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "11.3"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "11"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "12"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "chrome",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "google",
        "version": "3.0.195.33"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "11.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.4.11"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.8"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6.2"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.4.11"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.8"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6.1"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "2.0 to  3.1.3"
      },
      {
        "model": "ios for ipod touch",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "2.1 to  3.1.3"
      },
      {
        "model": "iphone",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "ipod touch",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "1.0.0b2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "1.1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "1.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "1.0.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "1.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "1.0.0b1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "1.1.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "1.0.2"
      },
      {
        "model": "open source project webkit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webkit",
        "version": "0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pardus",
        "version": "20090"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.195.32"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.195.24"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.195.21"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.172.43"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.172.37"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.172.33"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.172.31"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.172.30"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.61"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.65"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.64"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.59"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.55"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.53"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.48"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.46"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.36"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.3"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.4"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.3"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.3"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.2"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.2"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.3"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2.1"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.3"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "chrome",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "google",
        "version": "3.0.195.33"
      },
      {
        "model": "safari for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.4"
      },
      {
        "model": "safari",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.4"
      },
      {
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "36997"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002394"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200911-148"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2816"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os_for_ipod_touch",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:apple:iphone",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:apple:ipod_touch",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:safari",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002394"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "BID",
        "id": "36997"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200911-148"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2009-2816",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2009-2816",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-40262",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2009-2816",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2009-2816",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200911-148",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-40262",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-40262"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002394"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200911-148"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2816"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page. Apple Safari Used in etc. WebKit is prone to a vulnerability that lets attackers bypass the same-origin policy. \nAttackers can exploit this issue to access resources from another origin in the context of another domain. This can facilitate cross-site request-forgery attacks. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management)  \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nApple Safari Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA37346\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/37346/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Apple Safari, which can be\nexploited by malicious people to bypass certain security restrictions,\ndisclose sensitive information, or compromise a user\u0027s system. \n\n1) An integer overflow error when processing ColorSync profiles\nembedded in images can be exploited to potentially execute arbitrary\ncode. \n\nFor more information see vulnerability #4 in:\nSA36701\n\n2) An error exists when handling an \"Open Image in New Tab\", \"Open\nImage in New Window\", or \"Open Link in New Tab\" shortcut menu action\nperformed on a link to a local file. This can be exploited to load a\nlocal HTML file and disclose sensitive information by tricking a user\ninto performing the affected actions within a specially crafted\nwebpage. \n\n3) An error exists in WebKit when sending \"preflight\" requests\noriginating from a page in a different origin. \n\n4) Multiple errors in WebKit when handling FTP directory listings on\nWindows can be exploited to disclose sensitive information, cause a\ncrash, or potentially execute arbitrary code. \n\n5) An error in WebKit when handling an HTML 5 Media Element on Mac OS\nX can be exploited to bypass remote image loading restrictions via\ne.g. HTML-formatted emails. \n\nNOTE: Some errors leading to crashes, caused by the included libxml2\nlibrary, have also been reported. \n\nSOLUTION:\nUpdate to version 4.0.4. \n\nPROVIDED AND/OR DISCOVERED BY:\n1-3, 5) Reported by the vendor. \n4) The vendor credits Michal Zalewski of Google Inc. \n\nORIGINAL ADVISORY:\nhttp://support.apple.com/kb/HT3949\n\nOTHER REFERENCES:\nSA36701:\nhttp://secunia.com/advisories/36701/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nThis is related to vulnerability #3 in:\nSA37346\n\nThe security issue is reported in versions prior to 3.0.195.33. \n\nFor more information:\nSA37346\n\nSOLUTION:\nDo not browse untrusted sites with an application using Qt components\nbased on WebKit. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). \n\nRequest a free trial: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nSUSE update for Multiple Packages\n\nSECUNIA ADVISORY ID:\nSA43068\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43068/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43068\n\nRELEASE DATE:\n2011-01-25\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43068/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43068/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43068\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nSUSE has issued an update for multiple packages, which fixes multiple\nvulnerabilities",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-2816"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002394"
      },
      {
        "db": "BID",
        "id": "36997"
      },
      {
        "db": "VULHUB",
        "id": "VHN-40262"
      },
      {
        "db": "PACKETSTORM",
        "id": "82605"
      },
      {
        "db": "PACKETSTORM",
        "id": "82625"
      },
      {
        "db": "PACKETSTORM",
        "id": "82635"
      },
      {
        "db": "PACKETSTORM",
        "id": "97846"
      },
      {
        "db": "PACKETSTORM",
        "id": "82630"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-2816",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "36997",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "37346",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1023165",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-3217",
        "trust": 2.5
      },
      {
        "db": "OSVDB",
        "id": "59940",
        "trust": 2.5
      },
      {
        "db": "SECUNIA",
        "id": "37358",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "37393",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "43068",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "37397",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0212",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-3233",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "59967",
        "trust": 1.7
      },
      {
        "db": "XF",
        "id": "54239",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002394",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200911-148",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-40262",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "82605",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "82625",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "82635",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "97846",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "82630",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-40262"
      },
      {
        "db": "BID",
        "id": "36997"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002394"
      },
      {
        "db": "PACKETSTORM",
        "id": "82605"
      },
      {
        "db": "PACKETSTORM",
        "id": "82625"
      },
      {
        "db": "PACKETSTORM",
        "id": "82635"
      },
      {
        "db": "PACKETSTORM",
        "id": "97846"
      },
      {
        "db": "PACKETSTORM",
        "id": "82630"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200911-148"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2816"
      }
    ]
  },
  "id": "VAR-200911-0397",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-40262"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:16:47.539000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT4225",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4225"
      },
      {
        "title": "HT3949",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT3949"
      },
      {
        "title": "HT3949",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT3949?viewlocale=ja_JP"
      },
      {
        "title": "HT4225",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4225?viewlocale=ja_JP"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002394"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-40262"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002394"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2816"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/36997"
      },
      {
        "trust": 2.5,
        "url": "http://osvdb.org/59940"
      },
      {
        "trust": 2.5,
        "url": "http://www.securitytracker.com/id?1023165"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/37346"
      },
      {
        "trust": 2.5,
        "url": "http://www.vupen.com/english/advisories/2009/3217"
      },
      {
        "trust": 1.8,
        "url": "http://support.apple.com/kb/ht3949"
      },
      {
        "trust": 1.8,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2009-november/msg00549.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2009/nov/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2010/jun/msg00003.html"
      },
      {
        "trust": 1.7,
        "url": "http://support.apple.com/kb/ht4225"
      },
      {
        "trust": 1.7,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=525789"
      },
      {
        "trust": 1.7,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2009-november/msg00545.html"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/59967"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6516"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/37358"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/37393"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/37397"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/43068"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2009/3233"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2011/0212"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54239"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2816"
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/54239"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2816"
      },
      {
        "trust": 0.5,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.5,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.5,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.4,
        "url": "http://googlechromereleases.blogspot.com/2009/11/stable-update-fix-google-chrome-not.html"
      },
      {
        "trust": 0.4,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/safari/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/advisories/37346/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/37393/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/36701/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/37358/"
      },
      {
        "trust": 0.1,
        "url": "http://trac.webkit.org/changeset/47494"
      },
      {
        "trust": 0.1,
        "url": "http://trac.webkit.org/changeset/48725"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/evm/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43068"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/43068/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/43068/"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2009-november/msg00546.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/37397/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-40262"
      },
      {
        "db": "BID",
        "id": "36997"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002394"
      },
      {
        "db": "PACKETSTORM",
        "id": "82605"
      },
      {
        "db": "PACKETSTORM",
        "id": "82625"
      },
      {
        "db": "PACKETSTORM",
        "id": "82635"
      },
      {
        "db": "PACKETSTORM",
        "id": "97846"
      },
      {
        "db": "PACKETSTORM",
        "id": "82630"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200911-148"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2816"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-40262"
      },
      {
        "db": "BID",
        "id": "36997"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002394"
      },
      {
        "db": "PACKETSTORM",
        "id": "82605"
      },
      {
        "db": "PACKETSTORM",
        "id": "82625"
      },
      {
        "db": "PACKETSTORM",
        "id": "82635"
      },
      {
        "db": "PACKETSTORM",
        "id": "97846"
      },
      {
        "db": "PACKETSTORM",
        "id": "82630"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200911-148"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2816"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-11-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-40262"
      },
      {
        "date": "2009-11-11T00:00:00",
        "db": "BID",
        "id": "36997"
      },
      {
        "date": "2010-01-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-002394"
      },
      {
        "date": "2009-11-16T09:29:40",
        "db": "PACKETSTORM",
        "id": "82605"
      },
      {
        "date": "2009-11-16T09:30:32",
        "db": "PACKETSTORM",
        "id": "82625"
      },
      {
        "date": "2009-11-16T10:41:50",
        "db": "PACKETSTORM",
        "id": "82635"
      },
      {
        "date": "2011-01-25T03:59:20",
        "db": "PACKETSTORM",
        "id": "97846"
      },
      {
        "date": "2009-11-16T09:30:46",
        "db": "PACKETSTORM",
        "id": "82630"
      },
      {
        "date": "2009-11-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200911-148"
      },
      {
        "date": "2009-11-13T15:30:00.563000",
        "db": "NVD",
        "id": "CVE-2009-2816"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-40262"
      },
      {
        "date": "2015-04-13T22:10:00",
        "db": "BID",
        "id": "36997"
      },
      {
        "date": "2010-07-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-002394"
      },
      {
        "date": "2021-11-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200911-148"
      },
      {
        "date": "2024-11-21T01:05:48.340000",
        "db": "NVD",
        "id": "CVE-2009-2816"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200911-148"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "WebKit Vulnerable to cross-site request forgery",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002394"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200911-148"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2009-2816 (GCVE-0-2009-2816)

Vulnerability from cvelistv5

CERTA-2009-AVI-496

Vulnerability from certfr_avis

Description

Solution

CERTA-2009-AVI-500

Vulnerability from certfr_avis

Description

Solution

CERTA-2010-AVI-280

Vulnerability from certfr_avis

Description

Solution

fkie_cve-2009-2816

Vulnerability from fkie_nvd

gsd-2009-2816

Vulnerability from gsd

ghsa-2wxv-94xf-vqv2

Vulnerability from github

var-200911-0397

Vulnerability from variot

Tags

Sightings

Nomenclature