cvelistv5 - cve-2009-1697

CVE-2009-1697 (GCVE-0-2009-1697)

Vulnerability from cvelistv5

Published

2009-06-10 17:37

Modified

2024-08-07 05:20

Severity ?

CWE

Summary

References

URL

Tags

cve@mitre.org	http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
cve@mitre.org	http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html	Patch, Vendor Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
cve@mitre.org	http://osvdb.org/54992
cve@mitre.org	http://secunia.com/advisories/35379	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/37746
cve@mitre.org	http://secunia.com/advisories/43068
cve@mitre.org	http://securitytracker.com/id?1022344	Patch
cve@mitre.org	http://support.apple.com/kb/HT3613	Patch, Vendor Advisory
cve@mitre.org	http://support.apple.com/kb/HT3639
cve@mitre.org	http://www.debian.org/security/2009/dsa-1950
cve@mitre.org	http://www.securityfocus.com/bid/35260	Exploit
cve@mitre.org	http://www.vupen.com/english/advisories/2009/1522	Patch, Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2009/1621
cve@mitre.org	http://www.vupen.com/english/advisories/2011/0212
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/54992
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35379	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37746
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43068
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1022344	Patch
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3613	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3639
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2009/dsa-1950
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/35260	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1522	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1621
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0212

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:20:35.202Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1022344",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1022344"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3639"
          },
          {
            "name": "43068",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43068"
          },
          {
            "name": "ADV-2009-1621",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1621"
          },
          {
            "name": "ADV-2011-0212",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0212"
          },
          {
            "name": "APPLE-SA-2009-06-08-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
          },
          {
            "name": "35260",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35260"
          },
          {
            "name": "ADV-2009-1522",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1522"
          },
          {
            "name": "37746",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37746"
          },
          {
            "name": "APPLE-SA-2009-06-17-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
          },
          {
            "name": "DSA-1950",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1950"
          },
          {
            "name": "SUSE-SR:2011:002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
          },
          {
            "name": "35379",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35379"
          },
          {
            "name": "54992",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/54992"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3613"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-06-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-06-19T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1022344",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1022344"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3639"
        },
        {
          "name": "43068",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43068"
        },
        {
          "name": "ADV-2009-1621",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1621"
        },
        {
          "name": "ADV-2011-0212",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0212"
        },
        {
          "name": "APPLE-SA-2009-06-08-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
        },
        {
          "name": "35260",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35260"
        },
        {
          "name": "ADV-2009-1522",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1522"
        },
        {
          "name": "37746",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37746"
        },
        {
          "name": "APPLE-SA-2009-06-17-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
        },
        {
          "name": "DSA-1950",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1950"
        },
        {
          "name": "SUSE-SR:2011:002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
        },
        {
          "name": "35379",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35379"
        },
        {
          "name": "54992",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/54992"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3613"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1697",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1022344",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1022344"
            },
            {
              "name": "http://support.apple.com/kb/HT3639",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3639"
            },
            {
              "name": "43068",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43068"
            },
            {
              "name": "ADV-2009-1621",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1621"
            },
            {
              "name": "ADV-2011-0212",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0212"
            },
            {
              "name": "APPLE-SA-2009-06-08-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
            },
            {
              "name": "35260",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35260"
            },
            {
              "name": "ADV-2009-1522",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1522"
            },
            {
              "name": "37746",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37746"
            },
            {
              "name": "APPLE-SA-2009-06-17-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
            },
            {
              "name": "DSA-1950",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1950"
            },
            {
              "name": "SUSE-SR:2011:002",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
            },
            {
              "name": "35379",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35379"
            },
            {
              "name": "54992",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/54992"
            },
            {
              "name": "http://support.apple.com/kb/HT3613",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3613"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-1697",
    "datePublished": "2009-06-10T17:37:00",
    "dateReserved": "2009-05-20T00:00:00",
    "dateUpdated": "2024-08-07T05:20:35.202Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-1697\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-06-10T18:00:00.483\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de inyecci\u00f3n CRLF (se refiere a CR (retorno de carro) y LF (salto de l\u00ednea)) en WebKit en Apple Safari anterior a v4.0. Permite a atacantes remotos inyectar cabeceras HTTP y saltarse la pol\u00edtica \\\"Same Origin\\\" a trav\u00e9s de un documento HTML manipulado, relativo a ataques de secuencias de comandos en sitios cruzados (XSS) que dependen de la comunicaci\u00f3n con sitios Web arbitrarios dentro del mismo servidor Web, mediante el uso de XMLHttpRequest sin la cabecera Host.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:mac:*:*:*:*:*\",\"versionEndIncluding\":\"4.0_beta\",\"matchCriteriaId\":\"2AA3463B-FB1D-4957-A738-946399B1B9DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:0.8:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"1F5F96DD-BD44-497B-A05E-326819BC46F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:0.9:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"2B00DC91-9895-405E-B9B4-211ABC3728DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:1.0:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"82C4A098-7EAC-4611-B621-3F0EB1B15960\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:1.0.3:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"56B016E7-C403-42AC-BF75-9BA723122A2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:1.1:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"83CFAFD2-630E-4DB9-B187-6918CFE3075C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:1.2:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"F03B8DC9-B295-42A8-904F-3D1F827FFECD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:1.3:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"1876BC3B-B207-4E81-A0A7-259AFE6F2DEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:1.3.1:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"03BBCC9D-E160-4614-B2B8-6359FE644E02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:1.3.2:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"CDB6B46E-30E1-4E16-A941-F5E19AB34493\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:2.0:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"E783789C-C5D4-47A2-A947-D19793B182E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:2.0.2:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"CE3C68CF-21A2-47D8-84F2-FD3219E90043\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:2.0.4:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"4D4AD962-D9AD-48E5-9B53-E3C1593D43CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"30FA25DB-3525-4755-B038-6572B2457CF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0.2:-:mac:*:*:*:*:*\",\"matchCriteriaId\":\"9270F5C4-63B9-48C5-9D6D-9CDA1461205C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0.3:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"9BE1D829-A6C9-4B5C-971B-5515FB92061D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0.4:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"8BC133D1-E120-4B84-85DC-1D528CB77FAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.1:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"90D8505E-35D2-40A1-9D75-1A023C4DD65E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.1.1:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"1D087ECA-D214-4A6B-8F64-7F8AABB14706\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.1.2:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"B4ABDE92-E8A8-431D-BF9C-9A54667A8664\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.2.1:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"94956778-7E73-4B42-B7B1-0D11837B8476\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.2.3:*:mac:*:*:*:*:*\",\"matchCriteriaId\":\"AC54BF41-2BF6-4604-AEFA-532453AB91E5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:windows:*:*:*:*:*\",\"versionEndIncluding\":\"3.2.3\",\"matchCriteriaId\":\"F1F650EC-4778-4233-9CF5-2B809CE4C799\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"A588615E-EE35-4E19-8BDA-598ED9664686\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"3E61C168-482B-412A-97E8-B1C651797EDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0.2:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"32024B14-B4F7-466E-AEF2-0D3A7E8E1060\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0.3:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"D137F48A-E670-4BDB-B003-C6BB2A33F250\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0.4:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"85AB4EDB-408D-4D2F-95BE-B578455EFA4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.1:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"0B256D38-257B-4C3D-9EA5-2255BF3A329C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.1.1:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"158AEA23-B5DB-4CBC-8391-2D97233A8E9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.1.2:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"218FBDC4-29AF-4BA1-A3FE-4E19B0E3E654\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.2:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"77F31F4B-5305-4D75-9277-95EF99A969A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.2.1:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"BDE11F09-3D57-4CF0-8165-90FB234CC403\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.2.2:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"99118352-6845-4704-B4A3-F98E8C06E0FD\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/54992\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/35379\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/37746\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/43068\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1022344\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://support.apple.com/kb/HT3613\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT3639\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2009/dsa-1950\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/35260\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1522\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1621\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0212\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/54992\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35379\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/37746\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/43068\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1022344\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://support.apple.com/kb/HT3613\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT3639\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2009/dsa-1950\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/35260\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1522\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1621\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0212\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2009-1697

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2009-1697

Aliases

CVE-2009-1697

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-1697",
    "description": "CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header.",
    "id": "GSD-2009-1697",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-1697.html",
      "https://www.debian.org/security/2009/dsa-1950"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-1697"
      ],
      "details": "CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header.",
      "id": "GSD-2009-1697",
      "modified": "2023-12-13T01:19:47.840549Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-1697",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1022344",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1022344"
          },
          {
            "name": "http://support.apple.com/kb/HT3639",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT3639"
          },
          {
            "name": "43068",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/43068"
          },
          {
            "name": "ADV-2009-1621",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/1621"
          },
          {
            "name": "ADV-2011-0212",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2011/0212"
          },
          {
            "name": "APPLE-SA-2009-06-08-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
          },
          {
            "name": "35260",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/35260"
          },
          {
            "name": "ADV-2009-1522",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/1522"
          },
          {
            "name": "37746",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/37746"
          },
          {
            "name": "APPLE-SA-2009-06-17-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
          },
          {
            "name": "DSA-1950",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2009/dsa-1950"
          },
          {
            "name": "SUSE-SR:2011:002",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
          },
          {
            "name": "35379",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35379"
          },
          {
            "name": "54992",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/54992"
          },
          {
            "name": "http://support.apple.com/kb/HT3613",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT3613"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.1.1:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.3:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.3.1:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.0_beta",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.2:-:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.1:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.1.2:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.3.2:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:2.0:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:0.9:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.3:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:0.8:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.0:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:2.0.2:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:2.0.4:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.4:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.1:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.2:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.2.1:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.2.3:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.0.3:*:mac:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.2:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.2.1:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.2.2:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.3:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.0.4:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.2.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.1:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.1.1:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.1.2:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:3.2:-:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1697"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "35260",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/35260"
            },
            {
              "name": "APPLE-SA-2009-06-08-1",
              "refsource": "APPLE",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
            },
            {
              "name": "35379",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/35379"
            },
            {
              "name": "ADV-2009-1522",
              "refsource": "VUPEN",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1522"
            },
            {
              "name": "http://support.apple.com/kb/HT3613",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT3613"
            },
            {
              "name": "1022344",
              "refsource": "SECTRACK",
              "tags": [
                "Patch"
              ],
              "url": "http://securitytracker.com/id?1022344"
            },
            {
              "name": "54992",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/54992"
            },
            {
              "name": "ADV-2009-1621",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/1621"
            },
            {
              "name": "APPLE-SA-2009-06-17-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
            },
            {
              "name": "http://support.apple.com/kb/HT3639",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT3639"
            },
            {
              "name": "DSA-1950",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2009/dsa-1950"
            },
            {
              "name": "37746",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/37746"
            },
            {
              "name": "43068",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/43068"
            },
            {
              "name": "SUSE-SR:2011:002",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
            },
            {
              "name": "ADV-2011-0212",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2011/0212"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2011-02-17T06:43Z",
      "publishedDate": "2009-06-10T18:00Z"
    }
  }
}

ghsa-wpgx-8qqv-qrcq

Vulnerability from github

Published

2022-05-02 03:27

Modified

2022-05-02 03:27

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-1697"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-06-10T18:00:00Z",
    "severity": "MODERATE"
  },
  "details": "CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header.",
  "id": "GHSA-wpgx-8qqv-qrcq",
  "modified": "2022-05-02T03:27:33Z",
  "published": "2022-05-02T03:27:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1697"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/54992"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35379"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37746"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43068"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1022344"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3613"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3639"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2009/dsa-1950"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/35260"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1522"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1621"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0212"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2009-AVI-223

Vulnerability from certfr_avis

De multiples vulnérabilités dans Apple Safari permettant, entre autre, l'exécution de code arbitraire à distance ont été corrigées.

Description

De multiples vulnérabilités dans Apple Safari ont été corrigées dont :

Des images identifiées comme des fichiers HTML permettent l'exécution automatique de Javascript ;
plusieurs corruptions mémoire affectant le composant CoreGraphics permettent l'exécution de code arbitraire (Microsoft Windows) à distance ;
plusieurs vulnérabilités affectent le composant WebKit et permettent, entre autre, des attaques en XSS ou l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les versions de Safari antérieures à 4.0 pour les systèmes d'exploitation suivants :

Mac OS X 10.4.x ;
Mac OS X 10.5.x ;
Mac OS X Server 10.4.x ;
Mac OS X Server 10.5.x ;
Windows XP ;
Windows Vista.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT3613 du 8 juin 2009	None	vendor-advisory
Bulletin de sécurité Apple HT3613 du 08 juin 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eLes versions de Safari ant\u00e9rieures \u00e0  4.0 pour les syst\u00e8mes d\u0027exploitation suivants :  \u003cUL\u003e    \u003cLI\u003eMac OS X 10.4.x ;\u003c/LI\u003e    \u003cLI\u003eMac OS X 10.5.x ;\u003c/LI\u003e    \u003cLI\u003eMac OS X Server 10.4.x ;\u003c/LI\u003e    \u003cLI\u003eMac OS X Server 10.5.x ;\u003c/LI\u003e    \u003cLI\u003eWindows XP ;\u003c/LI\u003e    \u003cLI\u003eWindows Vista.\u003c/LI\u003e  \u003c/UL\u003e\u003c/p\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s dans Apple Safari ont \u00e9t\u00e9 corrig\u00e9es dont :\n\n-   Des images identifi\u00e9es comme des fichiers HTML permettent\n    l\u0027ex\u00e9cution automatique de Javascript ;\n-   plusieurs corruptions m\u00e9moire affectant le composant CoreGraphics\n    permettent l\u0027ex\u00e9cution de code arbitraire (Microsoft Windows) \u00e0\n    distance ;\n-   plusieurs vuln\u00e9rabilit\u00e9s affectent le composant WebKit et\n    permettent, entre autre, des attaques en XSS ou l\u0027ex\u00e9cution de code\n    arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-2783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2783"
    },
    {
      "name": "CVE-2009-1702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1702"
    },
    {
      "name": "CVE-2008-4226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4226"
    },
    {
      "name": "CVE-2009-1697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1697"
    },
    {
      "name": "CVE-2008-4225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4225"
    },
    {
      "name": "CVE-2009-1710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1710"
    },
    {
      "name": "CVE-2009-1694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1694"
    },
    {
      "name": "CVE-2009-0153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0153"
    },
    {
      "name": "CVE-2009-1686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1686"
    },
    {
      "name": "CVE-2009-1688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1688"
    },
    {
      "name": "CVE-2008-3529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
    },
    {
      "name": "CVE-2009-1685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1685"
    },
    {
      "name": "CVE-2009-1696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1696"
    },
    {
      "name": "CVE-2009-0040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0040"
    },
    {
      "name": "CVE-2009-1707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1707"
    },
    {
      "name": "CVE-2009-1709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1709"
    },
    {
      "name": "CVE-2009-1708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1708"
    },
    {
      "name": "CVE-2009-1704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1704"
    },
    {
      "name": "CVE-2009-1698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1698"
    },
    {
      "name": "CVE-2009-1701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1701"
    },
    {
      "name": "CVE-2009-1682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1682"
    },
    {
      "name": "CVE-2009-1693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1693"
    },
    {
      "name": "CVE-2009-1684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1684"
    },
    {
      "name": "CVE-2009-1705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1705"
    },
    {
      "name": "CVE-2009-1703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1703"
    },
    {
      "name": "CVE-2008-2320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2320"
    },
    {
      "name": "CVE-2009-1712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1712"
    },
    {
      "name": "CVE-2009-1714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1714"
    },
    {
      "name": "CVE-2008-3281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3281"
    },
    {
      "name": "CVE-2009-1695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1695"
    },
    {
      "name": "CVE-2008-3632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3632"
    },
    {
      "name": "CVE-2009-1681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1681"
    },
    {
      "name": "CVE-2009-1718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1718"
    },
    {
      "name": "CVE-2008-1588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1588"
    },
    {
      "name": "CVE-2008-4409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4409"
    },
    {
      "name": "CVE-2009-1691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1691"
    },
    {
      "name": "CVE-2009-0145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0145"
    },
    {
      "name": "CVE-2009-1179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1179"
    },
    {
      "name": "CVE-2009-1689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1689"
    },
    {
      "name": "CVE-2009-1687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1687"
    },
    {
      "name": "CVE-2009-1713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1713"
    },
    {
      "name": "CVE-2009-1699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1699"
    },
    {
      "name": "CVE-2009-0946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0946"
    },
    {
      "name": "CVE-2009-1716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1716"
    },
    {
      "name": "CVE-2009-1706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1706"
    },
    {
      "name": "CVE-2009-1700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1700"
    },
    {
      "name": "CVE-2009-1690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1690"
    },
    {
      "name": "CVE-2008-2321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2321"
    },
    {
      "name": "CVE-2009-1711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1711"
    },
    {
      "name": "CVE-2008-4231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4231"
    },
    {
      "name": "CVE-2009-1715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1715"
    }
  ],
  "initial_release_date": "2009-06-10T00:00:00",
  "last_revision_date": "2009-06-10T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3613 du 08 juin 2009 :",
      "url": "http://support.apple.com/kb/HT3613"
    }
  ],
  "reference": "CERTA-2009-AVI-223",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-06-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans Apple Safari permettant, entre autre,\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Safari",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3613 du 8 juin 2009",
      "url": null
    }
  ]
}

CERTA-2009-AVI-243

Vulnerability from certfr_avis

De multiples vulérabilités permettant de réaliser un grand nombre d'actions malveillantes ont été découvertes dans le système d'exploitation des iPhones et des iPods Touch.

Description

De multiples vulnérabilités ont été découvertes dans le système d'exploitation des iPhones et des iPods Touch. L'exploitation de ces vulnérabilités permet à une personne malveillante de réaliser un grand nombre d'actions, dont l'execution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	Apple iPod Touch Os versions antérieures à la version 3.0.
	Apple	N/A	Apple iPhone Os versions antérieures à la version 3.0 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT3639 du 17 juin 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple iPod Touch Os versions ant\u00e9rieures \u00e0 la version 3.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iPhone Os versions ant\u00e9rieures \u00e0 la version 3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le syst\u00e8me\nd\u0027exploitation des iPhones et des iPods Touch. L\u0027exploitation de ces\nvuln\u00e9rabilit\u00e9s permet \u00e0 une personne malveillante de r\u00e9aliser un grand\nnombre d\u0027actions, dont l\u0027execution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0147"
    },
    {
      "name": "CVE-2009-1702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1702"
    },
    {
      "name": "CVE-2008-3652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3652"
    },
    {
      "name": "CVE-2008-4226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4226"
    },
    {
      "name": "CVE-2009-1697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1697"
    },
    {
      "name": "CVE-2009-0155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0155"
    },
    {
      "name": "CVE-2008-4225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4225"
    },
    {
      "name": "CVE-2009-1694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1694"
    },
    {
      "name": "CVE-2009-0153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0153"
    },
    {
      "name": "CVE-2009-1686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1686"
    },
    {
      "name": "CVE-2009-1688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1688"
    },
    {
      "name": "CVE-2008-3529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
    },
    {
      "name": "CVE-2009-1685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1685"
    },
    {
      "name": "CVE-2008-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3651"
    },
    {
      "name": "CVE-2009-0040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0040"
    },
    {
      "name": "CVE-2009-1683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1683"
    },
    {
      "name": "CVE-2009-1698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1698"
    },
    {
      "name": "CVE-2009-1701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1701"
    },
    {
      "name": "CVE-2009-1693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1693"
    },
    {
      "name": "CVE-2009-1684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1684"
    },
    {
      "name": "CVE-2008-2320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2320"
    },
    {
      "name": "CVE-2009-0165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0165"
    },
    {
      "name": "CVE-2008-3281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3281"
    },
    {
      "name": "CVE-2009-1695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1695"
    },
    {
      "name": "CVE-2008-3623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3623"
    },
    {
      "name": "CVE-2008-4409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4409"
    },
    {
      "name": "CVE-2009-1679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1679"
    },
    {
      "name": "CVE-2009-1692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1692"
    },
    {
      "name": "CVE-2009-1691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1691"
    },
    {
      "name": "CVE-2009-0145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0145"
    },
    {
      "name": "CVE-2009-0146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0146"
    },
    {
      "name": "CVE-2009-1179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1179"
    },
    {
      "name": "CVE-2009-1689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1689"
    },
    {
      "name": "CVE-2009-1687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1687"
    },
    {
      "name": "CVE-2009-1699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1699"
    },
    {
      "name": "CVE-2009-0946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0946"
    },
    {
      "name": "CVE-2009-1680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1680"
    },
    {
      "name": "CVE-2009-0958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0958"
    },
    {
      "name": "CVE-2009-0959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0959"
    },
    {
      "name": "CVE-2009-1700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1700"
    },
    {
      "name": "CVE-2009-1690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1690"
    },
    {
      "name": "CVE-2009-0961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0961"
    },
    {
      "name": "CVE-2009-0945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0945"
    }
  ],
  "initial_release_date": "2009-06-19T00:00:00",
  "last_revision_date": "2009-06-19T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-243",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-06-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vul\u00e9rabilit\u00e9s permettant de r\u00e9aliser un grand nombre\nd\u0027actions malveillantes ont \u00e9t\u00e9 d\u00e9couvertes dans le syst\u00e8me\nd\u0027exploitation des iPhones et des iPods Touch.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s de l\u0027OS iPhone et iPod Touch d\u0027Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3639 du 17 juin 2009",
      "url": "http://support.apple.com/kb/HT3639"
    }
  ]
}

var-200901-0740

Vulnerability from variot

CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header. These issues affect versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7, Windows XP, and Windows Vista. NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID: 35321 WebKit XML External Entity Information Disclosure Vulnerability 35320 WebKit HTML 5 Standard Method Cross Site Scripting Vulnerability 35325 WebKit JavaScript DOM User After Free Remote Code Execution Vulnerability 35322 WebKit 'Canvas' HTML Element Image Capture Remote Information Disclosure Vulnerability 35319 WebKit 'document.implementation' Cross Domain Scripting Vulnerability 35271 WebKit DOM Event Handler Remote Memory Corruption Vulnerability 35317 WebKit Subframe Click Jacking Vulnerability 35318 WebKit CSS 'Attr' Function Remote Code Execution Vulnerability 35315 WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability 35310 WebKit 'Attr' DOM Objects Remote Code Execution Vulnerability 35311 WebKit JavaScript Exception Handling Remote Code Execution Vulnerability 35283 WebKit XSLT Redirects Remote Information Disclosure Vulnerability 35284 WebKit 'Document()' Function Remote Information Disclosure Vulnerability 35309 WebKit JavaScript Garbage Collector Memory Corruption Vulnerability 35270 WebKit 'XMLHttpRequest' HTTP Response Splitting Vulnerability 35272 WebKit Drag Event Remote Information Disclosure Vulnerability 35308 Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability 33276 Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability 35352 Apple Safari for Windows Reset Password Information Disclosure Vulnerability 35346 Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability 35353 Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability 35350 WebKit Java Applet Remote Code Execution Vulnerability 35340 WebKit Custom Cursor and Adjusting CSS3 Hotspot Properties Browser UI Element Spoofing Vulnerability 35348 WebKit Web Inspector Cross Site Scripting Vulnerability 35349 WebKit Web Inspector Page Privilege Cross Domain Scripting Vulnerability 35351 Apple Safari 'open-help-anchor' URI Handler Remote Code Execution Vulnerability 35334 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability 35333 WebKit File Enumeration Information Disclosure Vulnerability 35327 WebKit 'Location' and 'History' Objects Cross Site Scripting Vulnerability 35332 WebKit 'about:blank' Security Bypass Vulnerability 35330 WebKit JavaScript Prototypes Cross Site Scripting Vulnerability 35331 WebKit 'Canvas' SVG Image Capture Remote Information Disclosure Vulnerability 35328 WebKit Frame Transition Cross Domain Scripting Vulnerability 35339 Apple Safari Windows Installer Local Privilege Escalation Vulnerability 35344 Apple Safari CFNetwork Script Injection Weakness 35347 Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability. WebKit is prone to an HTTP response-splitting vulnerability because it fails to adequately sanitize user-supplied input. A remote attacker can exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust. NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. Safari is the web browser bundled by default in the Apple family machine operating system. An XMLHttpRequest missing the Host header could reach other websites on the same server, allowing attacker-supplied JavaScript to interact with those websites.

For more information: SA35379 SA35449 SA35581 SA37396

SOLUTION: Apply updated packages. ----------------------------------------------------------------------

Do you have VARM strategy implemented?

(Vulnerability Assessment Remediation Management)

If not, then implement it through the most reliable vulnerability intelligence source on the market.

Implement it through Secunia.

For more information visit: http://secunia.com/advisories/business_solutions/

Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com

TITLE: Apple Safari Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA35379

VERIFY ADVISORY: http://secunia.com/advisories/35379/

DESCRIPTION: Some vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to disclose sensitive information or compromise a user's system.

1) An error in the handling of TrueType fonts can be exploited to corrupt memory when a user visits a web site embedding a specially crafted font.

Successful exploitation may allow execution of arbitrary code.

2) Some vulnerabilities in FreeType can potentially be exploited to compromise a user's system.

For more information: SA34723

3) Some vulnerabilities in libpng can potentially be exploited to compromise a user's system.

For more information: SA33970

4) An error in the processing of external entities in XML files can be exploited to read files from the user's system when a users visits a specially crafted web page.

Other vulnerabilities have also been reported of which some may also affect Safari version 3.x.

SOLUTION: Upgrade to Safari version 4, which fixes the vulnerabilities.

PROVIDED AND/OR DISCOVERED BY: 1-3) Tavis Ormandy 4) Chris Evans of Google Inc.

ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3613

Chris Evans: http://scary.beasts.org/security/CESA-2009-006.html

OTHER REFERENCES: SA33970: http://secunia.com/advisories/33970/

SA34723: http://secunia.com/advisories/34723/

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Debian Security Advisory DSA-1950 security@debian.org http://www.debian.org/security/ Giuseppe Iuculano December 12, 2009 http://www.debian.org/security/faq

Package : webkit Vulnerability : several Problem type : remote (local) Debian-specific: no CVE Id : CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698 CVE-2009-1711 CVE-2009-1712 CVE-2009-1725 CVE-2009-1714 CVE-2009-1710 CVE-2009-1697 CVE-2009-1695 CVE-2009-1693 CVE-2009-1694 CVE-2009-1681 CVE-2009-1684 CVE-2009-1692 Debian Bug : 532724 532725 534946 535793 538346

Several vulnerabilities have been discovered in webkit, a Web content engine library for Gtk+. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-0945

Array index error in the insertItemBefore method in WebKit, allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the SVGTransformList, SVGStringList, SVGNumberList, SVGPathSegList, SVGPointList, or SVGLengthList SVGList object, which triggers memory corruption.

CVE-2009-1687

The JavaScript garbage collector in WebKit does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer."

CVE-2009-1690

Use-after-free vulnerability in WebKit, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers."

CVE-2009-1698

WebKit does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

CVE-2009-1711

WebKit does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.

CVE-2009-1712

WebKit does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element.

CVE-2009-1725

WebKit do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

CVE-2009-1710

WebKit allows remote attackers to spoof the browser's display of the host name, security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.

CVE-2009-1692

WebKit allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.

For the stable distribution (lenny), these problems has been fixed in version 1.0.1-4+lenny2.

For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 1.1.16-1.

We recommend that you upgrade your webkit package.

Upgrade instructions

wget url will fetch the file for you dpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update will update the internal database apt-get upgrade will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny

Debian (stable)

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1.orig.tar.gz Size/MD5 checksum: 13418752 4de68a5773998bea14e8939aa341c466

http://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1-4+lenny2.diff.gz Size/MD5 checksum: 35369 506c8f2fef73a9fc856264f11a3ad27e http://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1-4+lenny2.dsc Size/MD5 checksum: 1447 b5f01d6428f01d79bfe18338064452ab

Architecture independent packages:

http://security.debian.org/pool/updates/main/w/webkit/libwebkit-dev_1.0.1-4+lenny2_all.deb Size/MD5 checksum: 35164 df682bbcd13389c2f50002c2aaf7347b

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_alpha.deb Size/MD5 checksum: 65193740 fc8b613c9c41ef0f0d3856e7ee3deeae

http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_alpha.deb Size/MD5 checksum: 4254938 252b95b962bda11c000f9c0543673c1b

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_amd64.deb Size/MD5 checksum: 3502994 4a96cad1e302e7303d41d6f866215da4

http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_amd64.deb Size/MD5 checksum: 62518476 d723a8c76b373026752b6f68e5fc4950

arm architecture (ARM)

http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_arm.deb Size/MD5 checksum: 2721324 1fac2f59ffa9e3d7b8697aae262f09e4

http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_arm.deb Size/MD5 checksum: 61478724 260faea7d5ba766268faad888b3e61ff

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_armel.deb Size/MD5 checksum: 2770654 5b88754e9804d9290537afdf6127643a

http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_armel.deb Size/MD5 checksum: 59892062 99c8f13257a054f42686ab9c6329d490

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_hppa.deb Size/MD5 checksum: 3869020 c61be734b6511788e8cc235a5d672eab

http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_hppa.deb Size/MD5 checksum: 63935342 f1db2bd7b5c22e257c74100798017f30

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_i386.deb Size/MD5 checksum: 62161744 f89fc6ac6d1110cabe47dd9184c9a9ca

http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_i386.deb Size/MD5 checksum: 3016584 b854f5294527adac80e9776efed37cd7

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_ia64.deb Size/MD5 checksum: 5547624 2bd2100a345089282117317a9ab2e7d1

http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_ia64.deb Size/MD5 checksum: 62685224 5eaff5d431cf4a85beeaa0b66c91958c

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_mips.deb Size/MD5 checksum: 3109134 a680a8f105a19bf1b21a5034c14c4822

http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_mips.deb Size/MD5 checksum: 64547832 dd440891a1861262bc92deb0a1ead013

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_mipsel.deb Size/MD5 checksum: 2992848 952d643be475c35e253a8757075cd41b

http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_mipsel.deb Size/MD5 checksum: 62135970 7cd635047e3f9bd000ff4547a47eaaec

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_s390.deb Size/MD5 checksum: 3456914 6fc856a50b3f899c36381ed8d51af44e

http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_s390.deb Size/MD5 checksum: 64385860 98ded86952a2c6714ceba76a4a98c35b

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_sparc.deb Size/MD5 checksum: 63621854 f0dd17453bc09fdc05c119faf2212d70

http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_sparc.deb Size/MD5 checksum: 3499170 3f2084d6416459ce1416bd6f6f2845e3

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAksjbAYACgkQNxpp46476aqm7wCaAk6WARfBzzrdYYoxAUKA5weL V5YAmwRkz4XNwdcqnPzdeDzoakljqf1s =DBEQ -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ----------------------------------------------------------------------

Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).

Request a free trial: http://secunia.com/products/corporate/vim/

TITLE: SUSE update for Multiple Packages

SECUNIA ADVISORY ID: SA43068

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43068/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43068

RELEASE DATE: 2011-01-25

DISCUSS ADVISORY: http://secunia.com/advisories/43068/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/43068/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=43068

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: SUSE has issued an update for multiple packages, which fixes multiple vulnerabilities

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200901-0740",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "safari",
        "scope": "eq",
        "trust": 2.2,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 2.2,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 2.2,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 2.2,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 2.2,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "1.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "2.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "1.3.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "1.3.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "3.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "3.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "safari",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.0_beta"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "0.9"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "0.8"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0.2"
      },
      {
        "model": "safari",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.4.11"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.7"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.4.11"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "1.0 to  2.2.1"
      },
      {
        "model": "ios for ipod touch",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "1.1 to  2.2.1"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "2.0.3"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "1.2.2"
      },
      {
        "model": "safari for windows",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "1.2.1"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "2"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "1.2.3"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.0.4"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.0.2"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "model": "safari",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.0.3"
      },
      {
        "model": "open source project webkit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webkit",
        "version": "0"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.172.31"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "2.0.172.30"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.61"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.3.1549"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.2.149.30"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.2.149.29"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.2.149.27"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.65"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.64"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.59"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.55"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.53"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.48"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.46"
      },
      {
        "model": "chrome",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "1.0.154.36"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux armel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2.1"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1.4"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1.3"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1.2"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1.1"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1.4"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1.3"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1.2"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0.2"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ipod touch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "iphone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "35260"
      },
      {
        "db": "BID",
        "id": "35270"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001772"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-181"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1697"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os_for_ipod_touch",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:safari",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001772"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sergio AlvarezBilly RiosBruce MortonMichael Hay",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-181"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2009-1697",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2009-1697",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-39143",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2009-1697",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2009-1697",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200906-181",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-39143",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-39143"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001772"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-181"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1697"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header. These issues affect versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7, Windows XP, and Windows Vista. \nNOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID:\n35321 WebKit XML External Entity Information Disclosure Vulnerability\n35320 WebKit HTML 5 Standard Method Cross Site Scripting Vulnerability\n35325 WebKit JavaScript DOM User After Free Remote Code Execution Vulnerability\n35322 WebKit \u0027Canvas\u0027 HTML Element Image Capture Remote Information Disclosure Vulnerability\n35319 WebKit \u0027document.implementation\u0027 Cross Domain Scripting Vulnerability\n35271 WebKit DOM Event Handler Remote Memory Corruption Vulnerability\n35317 WebKit Subframe Click Jacking Vulnerability\n35318 WebKit CSS \u0027Attr\u0027 Function Remote Code Execution Vulnerability\n35315 WebKit JavaScript \u0027onload()\u0027 Event Cross Domain Scripting Vulnerability\n35310 WebKit \u0027Attr\u0027 DOM Objects Remote Code Execution Vulnerability\n35311 WebKit JavaScript Exception Handling Remote Code Execution Vulnerability\n35283 WebKit XSLT Redirects Remote Information Disclosure Vulnerability\n35284 WebKit \u0027Document()\u0027 Function Remote Information Disclosure Vulnerability\n35309 WebKit JavaScript Garbage Collector Memory Corruption Vulnerability\n35270 WebKit \u0027XMLHttpRequest\u0027 HTTP Response Splitting Vulnerability\n35272 WebKit Drag Event Remote Information Disclosure Vulnerability\n35308 Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability\n33276 Multiple Browser JavaScript Engine \u0027Math.Random()\u0027 Cross Domain Information Disclosure Vulnerability\n35352 Apple Safari for Windows Reset Password Information Disclosure Vulnerability\n35346 Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability\n35353 Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability\n35350 WebKit Java Applet Remote Code Execution Vulnerability\n35340 WebKit Custom Cursor and Adjusting CSS3 Hotspot Properties Browser UI Element Spoofing Vulnerability\n35348 WebKit Web Inspector Cross Site Scripting Vulnerability\n35349 WebKit Web Inspector Page Privilege Cross Domain Scripting Vulnerability\n35351 Apple Safari \u0027open-help-anchor\u0027 URI Handler Remote Code Execution Vulnerability\n35334 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability\n35333 WebKit File Enumeration Information Disclosure Vulnerability\n35327 WebKit \u0027Location\u0027 and \u0027History\u0027 Objects Cross Site Scripting Vulnerability\n35332 WebKit \u0027about:blank\u0027 Security Bypass Vulnerability\n35330 WebKit JavaScript Prototypes Cross Site Scripting Vulnerability\n35331 WebKit \u0027Canvas\u0027 SVG Image Capture Remote Information Disclosure Vulnerability\n35328 WebKit Frame Transition Cross Domain Scripting Vulnerability\n35339 Apple Safari Windows Installer Local Privilege Escalation Vulnerability\n35344 Apple Safari CFNetwork Script Injection Weakness\n35347 Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability. WebKit is prone to an HTTP response-splitting vulnerability because it fails to adequately sanitize user-supplied input. \nA remote attacker can exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust. \nNOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. Safari is the web browser bundled by default in the Apple family machine operating system. An XMLHttpRequest missing the Host header could reach other websites on the same server, allowing attacker-supplied JavaScript to interact with those websites. \n\nFor more information:\nSA35379\nSA35449\nSA35581\nSA37396\n\nSOLUTION:\nApply updated packages. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management)  \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nApple Safari Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA35379\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/35379/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Apple Safari, which can be\nexploited by malicious people to disclose sensitive information or\ncompromise a user\u0027s system. \n\n1) An error in the handling of TrueType fonts can be exploited to\ncorrupt memory when a user visits a web site embedding a specially\ncrafted font. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\n2) Some vulnerabilities in FreeType can potentially be exploited to\ncompromise a user\u0027s system. \n\nFor more information:\nSA34723\n\n3) Some vulnerabilities in libpng can potentially be exploited to\ncompromise a user\u0027s system. \n\nFor more information:\nSA33970\n\n4) An error in the processing of external entities in XML files can\nbe exploited to read files from the user\u0027s system when a users visits\na specially crafted web page. \n\nOther vulnerabilities have also been reported of which some may also\naffect Safari version 3.x. \n\nSOLUTION:\nUpgrade to Safari version 4, which fixes the vulnerabilities. \n\nPROVIDED AND/OR DISCOVERED BY:\n1-3) Tavis Ormandy\n4) Chris Evans of Google Inc. \n\nORIGINAL ADVISORY:\nApple:\nhttp://support.apple.com/kb/HT3613\n\nChris Evans:\nhttp://scary.beasts.org/security/CESA-2009-006.html\n\nOTHER REFERENCES:\nSA33970:\nhttp://secunia.com/advisories/33970/\n\nSA34723:\nhttp://secunia.com/advisories/34723/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1950                  security@debian.org\nhttp://www.debian.org/security/                      Giuseppe Iuculano\nDecember 12, 2009                   http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage        : webkit\nVulnerability  : several\nProblem type   : remote (local)\nDebian-specific: no\nCVE Id         : CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698\n                 CVE-2009-1711 CVE-2009-1712 CVE-2009-1725 CVE-2009-1714\n                 CVE-2009-1710 CVE-2009-1697 CVE-2009-1695 CVE-2009-1693\n                 CVE-2009-1694 CVE-2009-1681 CVE-2009-1684 CVE-2009-1692\nDebian Bug     : 532724 532725 534946 535793 538346\n\n\nSeveral vulnerabilities have been discovered in webkit, a Web content engine\nlibrary for Gtk+. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2009-0945\n\nArray index error in the insertItemBefore method in WebKit, allows remote\nattackers to execute arbitrary code via a document with a SVGPathList data\nstructure containing a negative index in the SVGTransformList, SVGStringList,\nSVGNumberList, SVGPathSegList, SVGPointList, or SVGLengthList SVGList object,\nwhich triggers memory corruption. \n\n\nCVE-2009-1687\n\nThe JavaScript garbage collector in WebKit does not properly handle allocation\nfailures, which allows remote attackers to execute arbitrary code or cause a\ndenial of service (memory corruption and application crash) via a crafted HTML\ndocument that triggers write access to an \"offset of a NULL pointer.\"\n\n\nCVE-2009-1690\n\nUse-after-free vulnerability in WebKit, allows remote attackers to execute\narbitrary code or cause a denial of service (memory corruption and application\ncrash) by setting an unspecified property of an HTML tag that causes child\nelements to be freed and later accessed when an HTML error occurs, related to\n\"recursion in certain DOM event handlers.\"\n\n\nCVE-2009-1698\n\nWebKit does not initialize a pointer during handling of a Cascading Style Sheets\n(CSS) attr function call with a large numerical argument, which allows remote\nattackers to execute arbitrary code or cause a denial of service (memory\ncorruption and application crash) via a crafted HTML document. \n\n\nCVE-2009-1711\n\nWebKit does not properly initialize memory for Attr DOM objects, which allows\nremote attackers to execute arbitrary code or cause a denial of service\n(application crash) via a crafted HTML document. \n\n\nCVE-2009-1712\n\nWebKit does not prevent remote loading of local Java applets, which allows\nremote attackers to execute arbitrary code, gain privileges, or obtain sensitive\ninformation via an APPLET or OBJECT element. \n\n\nCVE-2009-1725\n\nWebKit do not properly handle numeric character references, which allows remote\nattackers to execute arbitrary code or cause a denial of service (memory\ncorruption and application crash) via a crafted HTML document. \n\n\nCVE-2009-1710\n\nWebKit allows remote attackers to spoof the browser\u0027s display of the host name,\nsecurity indicators, and unspecified other UI elements via a custom cursor in\nconjunction with a modified CSS3 hotspot property. \n\n\nCVE-2009-1692\n\nWebKit allows remote attackers to cause a denial of service (memory consumption\nor device reset) via a web page containing an HTMLSelectElement object with a\nlarge length attribute, related to the length property of a Select object. \n\n\n\nFor the stable distribution (lenny), these problems has been fixed in\nversion 1.0.1-4+lenny2. \n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 1.1.16-1. \n\n\nWe recommend that you upgrade your webkit package. \n\nUpgrade instructions\n- --------------------\n\nwget url\n        will fetch the file for you\ndpkg -i file.deb\n        will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n        will update the internal database\napt-get upgrade\n        will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64,\nmips, mipsel, powerpc, s390 and sparc. \n\nSource archives:\n\n  http://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1.orig.tar.gz\n    Size/MD5 checksum: 13418752 4de68a5773998bea14e8939aa341c466\n\nhttp://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1-4+lenny2.diff.gz\n    Size/MD5 checksum:    35369 506c8f2fef73a9fc856264f11a3ad27e\n  http://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1-4+lenny2.dsc\n    Size/MD5 checksum:     1447 b5f01d6428f01d79bfe18338064452ab\n\nArchitecture independent packages:\n\n\nhttp://security.debian.org/pool/updates/main/w/webkit/libwebkit-dev_1.0.1-4+lenny2_all.deb\n    Size/MD5 checksum:    35164 df682bbcd13389c2f50002c2aaf7347b\n\nalpha architecture (DEC Alpha)\n\n\nhttp://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_alpha.deb\n    Size/MD5 checksum: 65193740 fc8b613c9c41ef0f0d3856e7ee3deeae\n\nhttp://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_alpha.deb\n    Size/MD5 checksum:  4254938 252b95b962bda11c000f9c0543673c1b\n\namd64 architecture (AMD x86_64 (AMD64))\n\n\nhttp://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_amd64.deb\n    Size/MD5 checksum:  3502994 4a96cad1e302e7303d41d6f866215da4\n\nhttp://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_amd64.deb\n    Size/MD5 checksum: 62518476 d723a8c76b373026752b6f68e5fc4950\n\narm architecture (ARM)\n\n\nhttp://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_arm.deb\n    Size/MD5 checksum:  2721324 1fac2f59ffa9e3d7b8697aae262f09e4\n\nhttp://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_arm.deb\n    Size/MD5 checksum: 61478724 260faea7d5ba766268faad888b3e61ff\n\narmel architecture (ARM EABI)\n\n\nhttp://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_armel.deb\n    Size/MD5 checksum:  2770654 5b88754e9804d9290537afdf6127643a\n\nhttp://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_armel.deb\n    Size/MD5 checksum: 59892062 99c8f13257a054f42686ab9c6329d490\n\nhppa architecture (HP PA RISC)\n\n\nhttp://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_hppa.deb\n    Size/MD5 checksum:  3869020 c61be734b6511788e8cc235a5d672eab\n\nhttp://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_hppa.deb\n    Size/MD5 checksum: 63935342 f1db2bd7b5c22e257c74100798017f30\n\ni386 architecture (Intel ia32)\n\n\nhttp://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_i386.deb\n    Size/MD5 checksum: 62161744 f89fc6ac6d1110cabe47dd9184c9a9ca\n\nhttp://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_i386.deb\n    Size/MD5 checksum:  3016584 b854f5294527adac80e9776efed37cd7\n\nia64 architecture (Intel ia64)\n\n\nhttp://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_ia64.deb\n    Size/MD5 checksum:  5547624 2bd2100a345089282117317a9ab2e7d1\n\nhttp://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_ia64.deb\n    Size/MD5 checksum: 62685224 5eaff5d431cf4a85beeaa0b66c91958c\n\nmips architecture (MIPS (Big Endian))\n\n\nhttp://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_mips.deb\n    Size/MD5 checksum:  3109134 a680a8f105a19bf1b21a5034c14c4822\n\nhttp://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_mips.deb\n    Size/MD5 checksum: 64547832 dd440891a1861262bc92deb0a1ead013\n\nmipsel architecture (MIPS (Little Endian))\n\n\nhttp://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_mipsel.deb\n    Size/MD5 checksum:  2992848 952d643be475c35e253a8757075cd41b\n\nhttp://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_mipsel.deb\n    Size/MD5 checksum: 62135970 7cd635047e3f9bd000ff4547a47eaaec\n\ns390 architecture (IBM S/390)\n\n\nhttp://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_s390.deb\n    Size/MD5 checksum:  3456914 6fc856a50b3f899c36381ed8d51af44e\n\nhttp://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_s390.deb\n    Size/MD5 checksum: 64385860 98ded86952a2c6714ceba76a4a98c35b\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n\nhttp://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_sparc.deb\n    Size/MD5 checksum: 63621854 f0dd17453bc09fdc05c119faf2212d70\n\nhttp://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_sparc.deb\n    Size/MD5 checksum:  3499170 3f2084d6416459ce1416bd6f6f2845e3\n\n\n  These files will probably be moved into the stable distribution on\n  its next update. \n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAksjbAYACgkQNxpp46476aqm7wCaAk6WARfBzzrdYYoxAUKA5weL\nV5YAmwRkz4XNwdcqnPzdeDzoakljqf1s\n=DBEQ\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). \n\nRequest a free trial: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nSUSE update for Multiple Packages\n\nSECUNIA ADVISORY ID:\nSA43068\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43068/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43068\n\nRELEASE DATE:\n2011-01-25\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43068/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43068/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43068\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nSUSE has issued an update for multiple packages, which fixes multiple\nvulnerabilities",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1697"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001772"
      },
      {
        "db": "BID",
        "id": "35260"
      },
      {
        "db": "BID",
        "id": "35270"
      },
      {
        "db": "VULHUB",
        "id": "VHN-39143"
      },
      {
        "db": "PACKETSTORM",
        "id": "83813"
      },
      {
        "db": "PACKETSTORM",
        "id": "78192"
      },
      {
        "db": "PACKETSTORM",
        "id": "83759"
      },
      {
        "db": "PACKETSTORM",
        "id": "97846"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-1697",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "35379",
        "trust": 2.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-1522",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-1621",
        "trust": 2.5
      },
      {
        "db": "OSVDB",
        "id": "54992",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1022344",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "35260",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "37746",
        "trust": 1.2
      },
      {
        "db": "SECUNIA",
        "id": "43068",
        "trust": 1.2
      },
      {
        "db": "VUPEN",
        "id": "ADV-2011-0212",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001772",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-181",
        "trust": 0.7
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2009-06-17-1",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2009-06-08-1",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "35270",
        "trust": 0.4
      },
      {
        "db": "ZDI",
        "id": "ZDI-09-033",
        "trust": 0.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-09-034",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-39143",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "83813",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "78192",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "83759",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "97846",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-39143"
      },
      {
        "db": "BID",
        "id": "35260"
      },
      {
        "db": "BID",
        "id": "35270"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001772"
      },
      {
        "db": "PACKETSTORM",
        "id": "83813"
      },
      {
        "db": "PACKETSTORM",
        "id": "78192"
      },
      {
        "db": "PACKETSTORM",
        "id": "83759"
      },
      {
        "db": "PACKETSTORM",
        "id": "97846"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-181"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1697"
      }
    ]
  },
  "id": "VAR-200901-0740",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-39143"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:47:41.523000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT3613",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT3613"
      },
      {
        "title": "HT3639",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT3639"
      },
      {
        "title": "HT3639",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT3639?viewlocale=ja_JP"
      },
      {
        "title": "HT3613",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT3613?viewlocale=ja_JP"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001772"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-39143"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001772"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1697"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://osvdb.org/54992"
      },
      {
        "trust": 2.5,
        "url": "http://securitytracker.com/id?1022344"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/35379"
      },
      {
        "trust": 2.5,
        "url": "http://www.vupen.com/english/advisories/2009/1522"
      },
      {
        "trust": 2.5,
        "url": "http://www.vupen.com/english/advisories/2009/1621"
      },
      {
        "trust": 1.8,
        "url": "http://support.apple.com/kb/ht3613"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00005.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/35260"
      },
      {
        "trust": 1.7,
        "url": "http://support.apple.com/kb/ht3639"
      },
      {
        "trust": 1.2,
        "url": "http://www.debian.org/security/2009/dsa-1950"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/37746"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/43068"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2011/0212"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1697"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1697"
      },
      {
        "trust": 0.6,
        "url": "http://www.apple.com/safari/"
      },
      {
        "trust": 0.6,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-09-034/"
      },
      {
        "trust": 0.4,
        "url": "http://scary.beasts.org/security/cesa-2009-006.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-09-033/"
      },
      {
        "trust": 0.3,
        "url": "http://scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-fixes-local-file-theft.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.google.com/chrome"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/504187"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/504189"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/504179"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_hppa.deb"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_alpha.deb"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_mipsel.deb"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_mipsel.deb"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_armel.deb"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_alpha.deb"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_arm.deb"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-dev_1.0.1-4+lenny2_all.deb"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_arm.deb"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1-4+lenny2.dsc"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_amd64.deb"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/35379/"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_hppa.deb"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_i386.deb"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_s390.deb"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_s390.deb"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_mips.deb"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1.orig.tar.gz"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_i386.deb"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_amd64.deb"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_sparc.deb"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_sparc.deb"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_ia64.deb"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_armel.deb"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1-4+lenny2.diff.gz"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_mips.deb"
      },
      {
        "trust": 0.2,
        "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/37746/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/35449/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/35581/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/37396/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/33970/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/34723/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1697"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1712"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1687"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1698"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1690"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1681"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1692"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0945"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1714"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1694"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1710"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1693"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1684"
      },
      {
        "trust": 0.1,
        "url": "http://packages.debian.org/\u003cpkg\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1711"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1695"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1725"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/evm/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43068"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/43068/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/43068/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-39143"
      },
      {
        "db": "BID",
        "id": "35260"
      },
      {
        "db": "BID",
        "id": "35270"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001772"
      },
      {
        "db": "PACKETSTORM",
        "id": "83813"
      },
      {
        "db": "PACKETSTORM",
        "id": "78192"
      },
      {
        "db": "PACKETSTORM",
        "id": "83759"
      },
      {
        "db": "PACKETSTORM",
        "id": "97846"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-181"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1697"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-39143"
      },
      {
        "db": "BID",
        "id": "35260"
      },
      {
        "db": "BID",
        "id": "35270"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001772"
      },
      {
        "db": "PACKETSTORM",
        "id": "83813"
      },
      {
        "db": "PACKETSTORM",
        "id": "78192"
      },
      {
        "db": "PACKETSTORM",
        "id": "83759"
      },
      {
        "db": "PACKETSTORM",
        "id": "97846"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-181"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1697"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-06-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-39143"
      },
      {
        "date": "2009-06-08T00:00:00",
        "db": "BID",
        "id": "35260"
      },
      {
        "date": "2009-06-08T00:00:00",
        "db": "BID",
        "id": "35270"
      },
      {
        "date": "2009-07-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-001772"
      },
      {
        "date": "2009-12-14T16:22:20",
        "db": "PACKETSTORM",
        "id": "83813"
      },
      {
        "date": "2009-06-10T12:30:42",
        "db": "PACKETSTORM",
        "id": "78192"
      },
      {
        "date": "2009-12-13T23:35:12",
        "db": "PACKETSTORM",
        "id": "83759"
      },
      {
        "date": "2011-01-25T03:59:20",
        "db": "PACKETSTORM",
        "id": "97846"
      },
      {
        "date": "2009-01-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200906-181"
      },
      {
        "date": "2009-06-10T18:00:00.483000",
        "db": "NVD",
        "id": "CVE-2009-1697"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-02-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-39143"
      },
      {
        "date": "2009-06-12T22:19:00",
        "db": "BID",
        "id": "35260"
      },
      {
        "date": "2015-03-19T08:51:00",
        "db": "BID",
        "id": "35270"
      },
      {
        "date": "2009-07-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-001772"
      },
      {
        "date": "2009-06-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200906-181"
      },
      {
        "date": "2024-11-21T01:03:07.347000",
        "db": "NVD",
        "id": "CVE-2009-1697"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "35260"
      },
      {
        "db": "BID",
        "id": "35270"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Apple In product  XMLHttpRequest Processing  CRLF Injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001772"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-181"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2009-1697

Vulnerability from fkie_nvd

Published

2009-06-10 18:00

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
cve@mitre.org	http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html	Patch, Vendor Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
cve@mitre.org	http://osvdb.org/54992
cve@mitre.org	http://secunia.com/advisories/35379	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/37746
cve@mitre.org	http://secunia.com/advisories/43068
cve@mitre.org	http://securitytracker.com/id?1022344	Patch
cve@mitre.org	http://support.apple.com/kb/HT3613	Patch, Vendor Advisory
cve@mitre.org	http://support.apple.com/kb/HT3639
cve@mitre.org	http://www.debian.org/security/2009/dsa-1950
cve@mitre.org	http://www.securityfocus.com/bid/35260	Exploit
cve@mitre.org	http://www.vupen.com/english/advisories/2009/1522	Patch, Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2009/1621
cve@mitre.org	http://www.vupen.com/english/advisories/2011/0212
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/54992
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35379	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37746
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43068
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1022344	Patch
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3613	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3639
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2009/dsa-1950
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/35260	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1522	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1621
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0212

Impacted products

Vendor	Product	Version
apple	safari	*
apple	safari	0.8
apple	safari	0.9
apple	safari	1.0
apple	safari	1.0.3
apple	safari	1.1
apple	safari	1.2
apple	safari	1.3
apple	safari	1.3.1
apple	safari	1.3.2
apple	safari	2.0
apple	safari	2.0.2
apple	safari	2.0.4
apple	safari	3.0
apple	safari	3.0.2
apple	safari	3.0.3
apple	safari	3.0.4
apple	safari	3.1
apple	safari	3.1.1
apple	safari	3.1.2
apple	safari	3.2.1
apple	safari	3.2.3
apple	safari	*
apple	safari	3.0
apple	safari	3.0.1
apple	safari	3.0.2
apple	safari	3.0.3
apple	safari	3.0.4
apple	safari	3.1
apple	safari	3.1.1
apple	safari	3.1.2
apple	safari	3.2
apple	safari	3.2.1
apple	safari	3.2.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:mac:*:*:*:*:*",
              "matchCriteriaId": "2AA3463B-FB1D-4957-A738-946399B1B9DB",
              "versionEndIncluding": "4.0_beta",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:0.8:*:mac:*:*:*:*:*",
              "matchCriteriaId": "1F5F96DD-BD44-497B-A05E-326819BC46F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:0.9:*:mac:*:*:*:*:*",
              "matchCriteriaId": "2B00DC91-9895-405E-B9B4-211ABC3728DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.0:*:mac:*:*:*:*:*",
              "matchCriteriaId": "82C4A098-7EAC-4611-B621-3F0EB1B15960",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.0.3:*:mac:*:*:*:*:*",
              "matchCriteriaId": "56B016E7-C403-42AC-BF75-9BA723122A2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.1:*:mac:*:*:*:*:*",
              "matchCriteriaId": "83CFAFD2-630E-4DB9-B187-6918CFE3075C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.2:*:mac:*:*:*:*:*",
              "matchCriteriaId": "F03B8DC9-B295-42A8-904F-3D1F827FFECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.3:*:mac:*:*:*:*:*",
              "matchCriteriaId": "1876BC3B-B207-4E81-A0A7-259AFE6F2DEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.3.1:*:mac:*:*:*:*:*",
              "matchCriteriaId": "03BBCC9D-E160-4614-B2B8-6359FE644E02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.3.2:*:mac:*:*:*:*:*",
              "matchCriteriaId": "CDB6B46E-30E1-4E16-A941-F5E19AB34493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0:*:mac:*:*:*:*:*",
              "matchCriteriaId": "E783789C-C5D4-47A2-A947-D19793B182E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0.2:*:mac:*:*:*:*:*",
              "matchCriteriaId": "CE3C68CF-21A2-47D8-84F2-FD3219E90043",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0.4:*:mac:*:*:*:*:*",
              "matchCriteriaId": "4D4AD962-D9AD-48E5-9B53-E3C1593D43CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0:*:mac:*:*:*:*:*",
              "matchCriteriaId": "30FA25DB-3525-4755-B038-6572B2457CF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.2:-:mac:*:*:*:*:*",
              "matchCriteriaId": "9270F5C4-63B9-48C5-9D6D-9CDA1461205C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.3:*:mac:*:*:*:*:*",
              "matchCriteriaId": "9BE1D829-A6C9-4B5C-971B-5515FB92061D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.4:*:mac:*:*:*:*:*",
              "matchCriteriaId": "8BC133D1-E120-4B84-85DC-1D528CB77FAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.1:*:mac:*:*:*:*:*",
              "matchCriteriaId": "90D8505E-35D2-40A1-9D75-1A023C4DD65E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.1.1:*:mac:*:*:*:*:*",
              "matchCriteriaId": "1D087ECA-D214-4A6B-8F64-7F8AABB14706",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.1.2:*:mac:*:*:*:*:*",
              "matchCriteriaId": "B4ABDE92-E8A8-431D-BF9C-9A54667A8664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.2.1:*:mac:*:*:*:*:*",
              "matchCriteriaId": "94956778-7E73-4B42-B7B1-0D11837B8476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.2.3:*:mac:*:*:*:*:*",
              "matchCriteriaId": "AC54BF41-2BF6-4604-AEFA-532453AB91E5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:windows:*:*:*:*:*",
              "matchCriteriaId": "F1F650EC-4778-4233-9CF5-2B809CE4C799",
              "versionEndIncluding": "3.2.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0:*:windows:*:*:*:*:*",
              "matchCriteriaId": "A588615E-EE35-4E19-8BDA-598ED9664686",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "3E61C168-482B-412A-97E8-B1C651797EDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.2:*:windows:*:*:*:*:*",
              "matchCriteriaId": "32024B14-B4F7-466E-AEF2-0D3A7E8E1060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.3:*:windows:*:*:*:*:*",
              "matchCriteriaId": "D137F48A-E670-4BDB-B003-C6BB2A33F250",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.4:*:windows:*:*:*:*:*",
              "matchCriteriaId": "85AB4EDB-408D-4D2F-95BE-B578455EFA4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "0B256D38-257B-4C3D-9EA5-2255BF3A329C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.1.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "158AEA23-B5DB-4CBC-8391-2D97233A8E9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.1.2:*:windows:*:*:*:*:*",
              "matchCriteriaId": "218FBDC4-29AF-4BA1-A3FE-4E19B0E3E654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.2:-:windows:*:*:*:*:*",
              "matchCriteriaId": "77F31F4B-5305-4D75-9277-95EF99A969A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.2.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "BDE11F09-3D57-4CF0-8165-90FB234CC403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.2.2:*:windows:*:*:*:*:*",
              "matchCriteriaId": "99118352-6845-4704-B4A3-F98E8C06E0FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n CRLF (se refiere a CR (retorno de carro) y LF (salto de l\u00ednea)) en WebKit en Apple Safari anterior a v4.0. Permite a atacantes remotos inyectar cabeceras HTTP y saltarse la pol\u00edtica \"Same Origin\" a trav\u00e9s de un documento HTML manipulado, relativo a ataques de secuencias de comandos en sitios cruzados (XSS) que dependen de la comunicaci\u00f3n con sitios Web arbitrarios dentro del mismo servidor Web, mediante el uso de XMLHttpRequest sin la cabecera Host."
    }
  ],
  "id": "CVE-2009-1697",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-06-10T18:00:00.483",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/54992"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35379"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/37746"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/43068"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1022344"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3613"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT3639"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1950"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/35260"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1522"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/1621"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/0212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/54992"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35379"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37746"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43068"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1022344"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3613"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3639"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1950"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/35260"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1522"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0212"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2009-1697 (GCVE-0-2009-1697)

Vulnerability from cvelistv5

gsd-2009-1697

Vulnerability from gsd

ghsa-wpgx-8qqv-qrcq

Vulnerability from github

CERTA-2009-AVI-223

Vulnerability from certfr_avis

Description

Solution

CERTA-2009-AVI-243

Vulnerability from certfr_avis

Description

Solution

var-200901-0740

Vulnerability from variot

fkie_cve-2009-1697

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature