var-200901-0740
Vulnerability from variot
CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header. These issues affect versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7, Windows XP, and Windows Vista.
NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID:
35321 WebKit XML External Entity Information Disclosure Vulnerability
35320 WebKit HTML 5 Standard Method Cross Site Scripting Vulnerability
35325 WebKit JavaScript DOM User After Free Remote Code Execution Vulnerability
35322 WebKit 'Canvas' HTML Element Image Capture Remote Information Disclosure Vulnerability
35319 WebKit 'document.implementation' Cross Domain Scripting Vulnerability
35271 WebKit DOM Event Handler Remote Memory Corruption Vulnerability
35317 WebKit Subframe Click Jacking Vulnerability
35318 WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
35315 WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability
35310 WebKit 'Attr' DOM Objects Remote Code Execution Vulnerability
35311 WebKit JavaScript Exception Handling Remote Code Execution Vulnerability
35283 WebKit XSLT Redirects Remote Information Disclosure Vulnerability
35284 WebKit 'Document()' Function Remote Information Disclosure Vulnerability
35309 WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
35270 WebKit 'XMLHttpRequest' HTTP Response Splitting Vulnerability
35272 WebKit Drag Event Remote Information Disclosure Vulnerability
35308 Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
33276 Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability
35352 Apple Safari for Windows Reset Password Information Disclosure Vulnerability
35346 Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability
35353 Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability
35350 WebKit Java Applet Remote Code Execution Vulnerability
35340 WebKit Custom Cursor and Adjusting CSS3 Hotspot Properties Browser UI Element Spoofing Vulnerability
35348 WebKit Web Inspector Cross Site Scripting Vulnerability
35349 WebKit Web Inspector Page Privilege Cross Domain Scripting Vulnerability
35351 Apple Safari 'open-help-anchor' URI Handler Remote Code Execution Vulnerability
35334 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability
35333 WebKit File Enumeration Information Disclosure Vulnerability
35327 WebKit 'Location' and 'History' Objects Cross Site Scripting Vulnerability
35332 WebKit 'about:blank' Security Bypass Vulnerability
35330 WebKit JavaScript Prototypes Cross Site Scripting Vulnerability
35331 WebKit 'Canvas' SVG Image Capture Remote Information Disclosure Vulnerability
35328 WebKit Frame Transition Cross Domain Scripting Vulnerability
35339 Apple Safari Windows Installer Local Privilege Escalation Vulnerability
35344 Apple Safari CFNetwork Script Injection Weakness
35347 Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability.
WebKit is prone to an HTTP response-splitting vulnerability because it fails to adequately sanitize user-supplied input. A remote attacker can exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.
NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.
Safari is the web browser bundled by default with Apple's operating systems. An XMLHttpRequest missing the Host header could reach other websites on the same server, allowing attacker-supplied JavaScript to interact with those websites.
For more information: SA35379 SA35449 SA35581 SA37396
SOLUTION: Apply updated packages.
TITLE: Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA35379
VERIFY ADVISORY: http://secunia.com/advisories/35379/
DESCRIPTION: Some vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to disclose sensitive information or compromise a user's system.
1) An error in the handling of TrueType fonts can be exploited to corrupt memory when a user visits a web site embedding a specially crafted font.
Successful exploitation may allow execution of arbitrary code.
2) Some vulnerabilities in FreeType can potentially be exploited to compromise a user's system.
For more information: SA34723
3) Some vulnerabilities in libpng can potentially be exploited to compromise a user's system.
For more information: SA33970
4) An error in the processing of external entities in XML files can be exploited to read files from the user's system when a user visits a specially crafted web page.
Other vulnerabilities have also been reported of which some may also affect Safari version 3.x.
SOLUTION: Upgrade to Safari version 4, which fixes the vulnerabilities.
PROVIDED AND/OR DISCOVERED BY: 1-3) Tavis Ormandy 4) Chris Evans of Google Inc.
ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3613
Chris Evans: http://scary.beasts.org/security/CESA-2009-006.html
OTHER REFERENCES: SA33970: http://secunia.com/advisories/33970/
SA34723: http://secunia.com/advisories/34723/
Debian Security Advisory DSA-1950    security@debian.org
http://www.debian.org/security/    Giuseppe Iuculano
December 12, 2009    http://www.debian.org/security/faq
Package        : webkit
Vulnerability  : several
Problem type   : remote (local)
Debian-specific: no
CVE Id         : CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698 CVE-2009-1711 CVE-2009-1712 CVE-2009-1725 CVE-2009-1714 CVE-2009-1710 CVE-2009-1697 CVE-2009-1695 CVE-2009-1693 CVE-2009-1694 CVE-2009-1681 CVE-2009-1684 CVE-2009-1692
Debian Bug     : 532724 532725 534946 535793 538346
Several vulnerabilities have been discovered in webkit, a Web content engine library for Gtk+. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2009-0945
Array index error in the insertItemBefore method in WebKit, allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the SVGTransformList, SVGStringList, SVGNumberList, SVGPathSegList, SVGPointList, or SVGLengthList SVGList object, which triggers memory corruption.
CVE-2009-1687
The JavaScript garbage collector in WebKit does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer."
CVE-2009-1690
Use-after-free vulnerability in WebKit, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers."
CVE-2009-1698
WebKit does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
CVE-2009-1711
WebKit does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.
CVE-2009-1712
WebKit does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element.
CVE-2009-1725
WebKit does not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
CVE-2009-1710
WebKit allows remote attackers to spoof the browser's display of the host name, security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.
CVE-2009-1692
WebKit allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.
For the stable distribution (lenny), these problems have been fixed in version 1.0.1-4+lenny2.
For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 1.1.16-1.
We recommend that you upgrade your webkit package.
Upgrade instructions
wget url will fetch the file for you
dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database
apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
Debian (stable)
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show
TITLE: SUSE update for Multiple Packages
SECUNIA ADVISORY ID: SA43068
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43068/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43068
RELEASE DATE: 2011-01-25
DESCRIPTION: SUSE has issued an update for multiple packages, which fixes multiple vulnerabilities
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200901-0740", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "safari", "scope": "eq", "trust": 2.2, "vendor": "apple", "version": "3.1.1" }, { "model": "safari", "scope": "eq", "trust": 2.2, "vendor": "apple", "version": "3.1" }, { "model": "safari", "scope": "eq", "trust": 2.2, "vendor": "apple", "version": "3.2" }, { 
"model": "safari", "scope": "eq", "trust": 2.2, "vendor": "apple", "version": "3.2.3" }, { "model": "safari", "scope": "eq", "trust": 2.2, "vendor": "apple", "version": "3.1.2" }, { "model": "safari", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "1.0" }, { "model": "safari", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "1.3" }, { "model": "safari", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "2.0.4" }, { "model": "safari", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "1.1" }, { "model": "safari", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "1.2" }, { "model": "safari", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "1.3.1" }, { "model": "safari", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "1.3.2" }, { "model": "safari", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "2.0.2" }, { "model": "safari", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "3.0" }, { "model": "safari", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "3.0.4" }, { "model": "safari", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "3.0.3" }, { "model": "safari", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "3.2.1" }, { "model": "safari", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "3.2.2" }, { "model": "safari", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "4.0_beta" }, { "model": "safari", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "2.0" }, { "model": "safari", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "0.9" }, { "model": "safari", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.0.3" }, { "model": "safari", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "0.8" }, { "model": "safari", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.0.2" }, { "model": "safari", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "3.2.3" }, { "model": 
"safari", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.0.1" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.4.11" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.7" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.4.11" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.7" }, { "model": "ios", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "1.0 to 2.2.1" }, { "model": "ios for ipod touch", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "1.1 to 2.2.1" }, { "model": "safari", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "4.0" }, { "model": "safari", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "2.0.3" }, { "model": "safari beta for windows", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "3" }, { "model": "safari for windows", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "3.1.2" }, { "model": "safari", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "1.2.2" }, { "model": "safari for windows", "scope": "ne", "trust": 0.6, "vendor": "apple", "version": "4" }, { "model": "safari for windows", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "3.1.1" }, { "model": "safari beta for windows", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "3.0.1" }, { "model": "safari for windows", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "3.1" }, { "model": "safari", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "1.2.1" }, { "model": "safari beta", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "3.0.2" }, { "model": "safari", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "2.0.1" }, { "model": "safari beta", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "2" }, { "model": "safari for windows", "scope": "eq", "trust": 
0.6, "vendor": "apple", "version": "3.2.2" }, { "model": "safari beta for windows", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "3.0.3" }, { "model": "safari", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "1.2.3" }, { "model": "safari beta", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "4" }, { "model": "safari beta for windows", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "3.0.4" }, { "model": "safari beta", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "3" }, { "model": "safari", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "3" }, { "model": "safari beta for windows", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "3.0.2" }, { "model": "safari beta", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "3.0.1" }, { "model": "safari for windows", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "3.2.3" }, { "model": "safari", "scope": "ne", "trust": 0.6, "vendor": "apple", "version": "4" }, { "model": "safari for windows", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "3.2.1" }, { "model": "safari beta", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "3.0.3" }, { "model": "open source project webkit", "scope": "eq", "trust": 0.3, "vendor": "webkit", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.172.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.172.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.3.1549" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.2.149.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.2.149.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.2.149.27" 
}, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.65" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.59" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.36" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux armel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", 
"version": "5.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "ipod touch", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.2.1" }, { "model": "ipod touch", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0.2" }, { "model": "ipod touch", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0.1" }, { "model": "ipod touch", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.1.4" }, { "model": "ipod touch", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.1.3" }, { "model": "ipod touch", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.1.2" }, { "model": "ipod touch", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.1.1" }, { "model": "ipod touch", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.2" }, { "model": "ipod touch", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.1" }, { "model": "ipod touch", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0" }, { "model": "ipod touch", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.1" }, { "model": "ipod touch", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "iphone", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.2.1" }, { "model": "iphone", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0.2" }, { "model": "iphone", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0.1" }, { "model": "iphone", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.1.4" }, { "model": "iphone", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.1.3" }, { "model": "iphone", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.1.2" }, { "model": "iphone", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.1.1" }, { "model": "iphone", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.0.2" }, { "model": "iphone", "scope": 
"eq", "trust": 0.3, "vendor": "apple", "version": "1.0.1" }, { "model": "iphone", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.2" }, { "model": "iphone", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.1" }, { "model": "iphone", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0" }, { "model": "iphone", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.1" }, { "model": "iphone", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1" }, { "model": "iphone", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "ipod touch", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "3.0" }, { "model": "iphone", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "3.0" } ], "sources": [ { "db": "BID", "id": "35260" }, { "db": "BID", "id": "35270" }, { "db": "JVNDB", "id": "JVNDB-2009-001772" }, { "db": "CNNVD", "id": "CNNVD-200906-181" }, { "db": "NVD", "id": "CVE-2009-1697" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:iphone_os", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:iphone_os_for_ipod_touch", "vulnerable": true }, { "cpe22Uri": "cpe:/a:apple:safari", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001772" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sergio AlvarezBilly RiosBruce MortonMichael Hay", "sources": [ { "db": "CNNVD", "id": 
"CNNVD-200906-181" } ], "trust": 0.6 }, "cve": "CVE-2009-1697", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2009-1697", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-39143", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2009-1697", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2009-1697", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200906-181", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-39143", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-39143" }, { "db": "JVNDB", "id": "JVNDB-2009-001772" }, { "db": "CNNVD", 
"id": "CNNVD-200906-181" }, { "db": "NVD", "id": "CVE-2009-1697" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header. These issues affect versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7, Windows XP, and Windows Vista. \nNOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID:\n35321 WebKit XML External Entity Information Disclosure Vulnerability\n35320 WebKit HTML 5 Standard Method Cross Site Scripting Vulnerability\n35325 WebKit JavaScript DOM User After Free Remote Code Execution Vulnerability\n35322 WebKit \u0027Canvas\u0027 HTML Element Image Capture Remote Information Disclosure Vulnerability\n35319 WebKit \u0027document.implementation\u0027 Cross Domain Scripting Vulnerability\n35271 WebKit DOM Event Handler Remote Memory Corruption Vulnerability\n35317 WebKit Subframe Click Jacking Vulnerability\n35318 WebKit CSS \u0027Attr\u0027 Function Remote Code Execution Vulnerability\n35315 WebKit JavaScript \u0027onload()\u0027 Event Cross Domain Scripting Vulnerability\n35310 WebKit \u0027Attr\u0027 DOM Objects Remote Code Execution Vulnerability\n35311 WebKit JavaScript Exception Handling Remote Code Execution Vulnerability\n35283 WebKit XSLT Redirects Remote Information Disclosure Vulnerability\n35284 WebKit \u0027Document()\u0027 Function Remote Information Disclosure 
Vulnerability\n35309 WebKit JavaScript Garbage Collector Memory Corruption Vulnerability\n35270 WebKit \u0027XMLHttpRequest\u0027 HTTP Response Splitting Vulnerability\n35272 WebKit Drag Event Remote Information Disclosure Vulnerability\n35308 Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability\n33276 Multiple Browser JavaScript Engine \u0027Math.Random()\u0027 Cross Domain Information Disclosure Vulnerability\n35352 Apple Safari for Windows Reset Password Information Disclosure Vulnerability\n35346 Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability\n35353 Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability\n35350 WebKit Java Applet Remote Code Execution Vulnerability\n35340 WebKit Custom Cursor and Adjusting CSS3 Hotspot Properties Browser UI Element Spoofing Vulnerability\n35348 WebKit Web Inspector Cross Site Scripting Vulnerability\n35349 WebKit Web Inspector Page Privilege Cross Domain Scripting Vulnerability\n35351 Apple Safari \u0027open-help-anchor\u0027 URI Handler Remote Code Execution Vulnerability\n35334 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability\n35333 WebKit File Enumeration Information Disclosure Vulnerability\n35327 WebKit \u0027Location\u0027 and \u0027History\u0027 Objects Cross Site Scripting Vulnerability\n35332 WebKit \u0027about:blank\u0027 Security Bypass Vulnerability\n35330 WebKit JavaScript Prototypes Cross Site Scripting Vulnerability\n35331 WebKit \u0027Canvas\u0027 SVG Image Capture Remote Information Disclosure Vulnerability\n35328 WebKit Frame Transition Cross Domain Scripting Vulnerability\n35339 Apple Safari Windows Installer Local Privilege Escalation Vulnerability\n35344 Apple Safari CFNetwork Script Injection Weakness\n35347 Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability. 
WebKit is prone to an HTTP response-splitting vulnerability because it fails to adequately sanitize user-supplied input. \nA remote attacker can exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust. \nNOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. Safari is the web browser bundled by default in the Apple family machine operating system. An XMLHttpRequest missing the Host header could reach other websites on the same server, allowing attacker-supplied JavaScript to interact with those websites. \n\nFor more information:\nSA35379\nSA35449\nSA35581\nSA37396\n\nSOLUTION:\nApply updated packages. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nApple Safari Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA35379\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/35379/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Apple Safari, which can be\nexploited by malicious people to disclose sensitive information or\ncompromise a user\u0027s system. \n\n1) An error in the handling of TrueType fonts can be exploited to\ncorrupt memory when a user visits a web site embedding a specially\ncrafted font. 
\n\nSuccessful exploitation may allow execution of arbitrary code. \n\n2) Some vulnerabilities in FreeType can potentially be exploited to\ncompromise a user\u0027s system. \n\nFor more information:\nSA34723\n\n3) Some vulnerabilities in libpng can potentially be exploited to\ncompromise a user\u0027s system. \n\nFor more information:\nSA33970\n\n4) An error in the processing of external entities in XML files can\nbe exploited to read files from the user\u0027s system when a users visits\na specially crafted web page. \n\nOther vulnerabilities have also been reported of which some may also\naffect Safari version 3.x. \n\nSOLUTION:\nUpgrade to Safari version 4, which fixes the vulnerabilities. \n\nPROVIDED AND/OR DISCOVERED BY:\n1-3) Tavis Ormandy\n4) Chris Evans of Google Inc. \n\nORIGINAL ADVISORY:\nApple:\nhttp://support.apple.com/kb/HT3613\n\nChris Evans:\nhttp://scary.beasts.org/security/CESA-2009-006.html\n\nOTHER REFERENCES:\nSA33970:\nhttp://secunia.com/advisories/33970/\n\nSA34723:\nhttp://secunia.com/advisories/34723/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1950 security@debian.org\nhttp://www.debian.org/security/ Giuseppe Iuculano\nDecember 12, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : webkit\nVulnerability : several\nProblem type : remote (local)\nDebian-specific: no\nCVE Id : CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698\n CVE-2009-1711 CVE-2009-1712 CVE-2009-1725 CVE-2009-1714\n CVE-2009-1710 CVE-2009-1697 CVE-2009-1695 CVE-2009-1693\n CVE-2009-1694 CVE-2009-1681 CVE-2009-1684 CVE-2009-1692\nDebian Bug : 532724 532725 534946 535793 538346\n\n\nSeveral vulnerabilities have been discovered in webkit, a Web content engine\nlibrary for Gtk+. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2009-0945\n\nArray index error in the insertItemBefore method in WebKit, allows remote\nattackers to execute arbitrary code via a document with a SVGPathList data\nstructure containing a negative index in the SVGTransformList, SVGStringList,\nSVGNumberList, SVGPathSegList, SVGPointList, or SVGLengthList SVGList object,\nwhich triggers memory corruption. 
\n\n\nCVE-2009-1687\n\nThe JavaScript garbage collector in WebKit does not properly handle allocation\nfailures, which allows remote attackers to execute arbitrary code or cause a\ndenial of service (memory corruption and application crash) via a crafted HTML\ndocument that triggers write access to an \"offset of a NULL pointer.\"\n\n\nCVE-2009-1690\n\nUse-after-free vulnerability in WebKit, allows remote attackers to execute\narbitrary code or cause a denial of service (memory corruption and application\ncrash) by setting an unspecified property of an HTML tag that causes child\nelements to be freed and later accessed when an HTML error occurs, related to\n\"recursion in certain DOM event handlers.\"\n\n\nCVE-2009-1698\n\nWebKit does not initialize a pointer during handling of a Cascading Style Sheets\n(CSS) attr function call with a large numerical argument, which allows remote\nattackers to execute arbitrary code or cause a denial of service (memory\ncorruption and application crash) via a crafted HTML document. \n\n\nCVE-2009-1711\n\nWebKit does not properly initialize memory for Attr DOM objects, which allows\nremote attackers to execute arbitrary code or cause a denial of service\n(application crash) via a crafted HTML document. \n\n\nCVE-2009-1712\n\nWebKit does not prevent remote loading of local Java applets, which allows\nremote attackers to execute arbitrary code, gain privileges, or obtain sensitive\ninformation via an APPLET or OBJECT element. \n\n\nCVE-2009-1725\n\nWebKit do not properly handle numeric character references, which allows remote\nattackers to execute arbitrary code or cause a denial of service (memory\ncorruption and application crash) via a crafted HTML document. \n\n\nCVE-2009-1710\n\nWebKit allows remote attackers to spoof the browser\u0027s display of the host name,\nsecurity indicators, and unspecified other UI elements via a custom cursor in\nconjunction with a modified CSS3 hotspot property. 
\n\n\nCVE-2009-1692\n\nWebKit allows remote attackers to cause a denial of service (memory consumption\nor device reset) via a web page containing an HTMLSelectElement object with a\nlarge length attribute, related to the length property of a Select object. \n\n\n\nFor the stable distribution (lenny), these problems has been fixed in\nversion 1.0.1-4+lenny2. \n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 1.1.16-1. \n\n\nWe recommend that you upgrade your webkit package. \n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64,\nmips, mipsel, powerpc, s390 and sparc. 
\n\n\n These files will probably be moved into the stable distribution on\n its next update. \n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAksjbAYACgkQNxpp46476aqm7wCaAk6WARfBzzrdYYoxAUKA5weL\nV5YAmwRkz4XNwdcqnPzdeDzoakljqf1s\n=DBEQ\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). 
\n\nRequest a free trial: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nSUSE update for Multiple Packages\n\nSECUNIA ADVISORY ID:\nSA43068\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43068/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43068\n\nRELEASE DATE:\n2011-01-25\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43068/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43068/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43068\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nSUSE has issued an update for multiple packages, which fixes multiple\nvulnerabilities", "sources": [ { "db": "NVD", "id": "CVE-2009-1697" }, { "db": "JVNDB", "id": "JVNDB-2009-001772" }, { "db": "BID", "id": "35260" }, { "db": "BID", "id": "35270" }, { "db": "VULHUB", "id": "VHN-39143" }, { "db": "PACKETSTORM", "id": "83813" }, { "db": "PACKETSTORM", "id": "78192" }, { "db": "PACKETSTORM", "id": "83759" }, { "db": "PACKETSTORM", "id": "97846" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": 
"CVE-2009-1697", "trust": 2.9 }, { "db": "SECUNIA", "id": "35379", "trust": 2.6 }, { "db": "VUPEN", "id": "ADV-2009-1522", "trust": 2.5 }, { "db": "VUPEN", "id": "ADV-2009-1621", "trust": 2.5 }, { "db": "OSVDB", "id": "54992", "trust": 2.5 }, { "db": "SECTRACK", "id": "1022344", "trust": 2.5 }, { "db": "BID", "id": "35260", "trust": 2.0 }, { "db": "SECUNIA", "id": "37746", "trust": 1.2 }, { "db": "SECUNIA", "id": "43068", "trust": 1.2 }, { "db": "VUPEN", "id": "ADV-2011-0212", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2009-001772", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200906-181", "trust": 0.7 }, { "db": "APPLE", "id": "APPLE-SA-2009-06-17-1", "trust": 0.6 }, { "db": "APPLE", "id": "APPLE-SA-2009-06-08-1", "trust": 0.6 }, { "db": "BID", "id": "35270", "trust": 0.4 }, { "db": "ZDI", "id": "ZDI-09-033", "trust": 0.3 }, { "db": "ZDI", "id": "ZDI-09-034", "trust": 0.3 }, { "db": "VULHUB", "id": "VHN-39143", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "83813", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "78192", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "83759", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "97846", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-39143" }, { "db": "BID", "id": "35260" }, { "db": "BID", "id": "35270" }, { "db": "JVNDB", "id": "JVNDB-2009-001772" }, { "db": "PACKETSTORM", "id": "83813" }, { "db": "PACKETSTORM", "id": "78192" }, { "db": "PACKETSTORM", "id": "83759" }, { "db": "PACKETSTORM", "id": "97846" }, { "db": "CNNVD", "id": "CNNVD-200906-181" }, { "db": "NVD", "id": "CVE-2009-1697" } ] }, "id": "VAR-200901-0740", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-39143" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T20:47:41.523000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { 
"@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT3613", "trust": 0.8, "url": "http://support.apple.com/kb/HT3613" }, { "title": "HT3639", "trust": 0.8, "url": "http://support.apple.com/kb/HT3639" }, { "title": "HT3639", "trust": 0.8, "url": "http://support.apple.com/kb/HT3639?viewlocale=ja_JP" }, { "title": "HT3613", "trust": 0.8, "url": "http://support.apple.com/kb/HT3613?viewlocale=ja_JP" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001772" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-39143" }, { "db": "JVNDB", "id": "JVNDB-2009-001772" }, { "db": "NVD", "id": "CVE-2009-1697" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://osvdb.org/54992" }, { "trust": 2.5, "url": "http://securitytracker.com/id?1022344" }, { "trust": 2.5, "url": "http://secunia.com/advisories/35379" }, { "trust": 2.5, "url": "http://www.vupen.com/english/advisories/2009/1522" }, { "trust": 2.5, "url": "http://www.vupen.com/english/advisories/2009/1621" }, { "trust": 1.8, "url": "http://support.apple.com/kb/ht3613" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00005.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/35260" }, { "trust": 1.7, "url": "http://support.apple.com/kb/ht3639" }, { "trust": 1.2, "url": 
"http://www.debian.org/security/2009/dsa-1950" }, { "trust": 1.2, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/37746" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43068" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2011/0212" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1697" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1697" }, { "trust": 0.6, "url": "http://www.apple.com/safari/" }, { "trust": 0.6, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-034/" }, { "trust": 0.4, "url": "http://scary.beasts.org/security/cesa-2009-006.html" }, { "trust": 0.3, "url": "http://www.zerodayinitiative.com/advisories/zdi-09-033/" }, { "trust": 0.3, "url": "http://scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-fixes-local-file-theft.html" }, { "trust": 0.3, "url": "http://www.google.com/chrome" }, { "trust": 0.3, "url": "/archive/1/504187" }, { "trust": 0.3, "url": "/archive/1/504189" }, { "trust": 0.3, "url": "/archive/1/504179" }, { "trust": 0.3, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.3, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.3, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_hppa.deb" }, { "trust": 0.2, "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_alpha.deb" }, { "trust": 0.2, "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_mipsel.deb" }, { "trust": 0.2, "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_mipsel.deb" }, { "trust": 0.2, "url": 
"http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_armel.deb" }, { "trust": 0.2, "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_alpha.deb" }, { "trust": 0.2, "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_arm.deb" }, { "trust": 0.2, "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-dev_1.0.1-4+lenny2_all.deb" }, { "trust": 0.2, "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_arm.deb" }, { "trust": 0.2, "url": "http://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1-4+lenny2.dsc" }, { "trust": 0.2, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.2, "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_amd64.deb" }, { "trust": 0.2, "url": "http://secunia.com/advisories/35379/" }, { "trust": 0.2, "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_hppa.deb" }, { "trust": 0.2, "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_i386.deb" }, { "trust": 0.2, "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_s390.deb" }, { "trust": 0.2, "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_s390.deb" }, { "trust": 0.2, "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_mips.deb" }, { "trust": 0.2, "url": "http://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1.orig.tar.gz" }, { "trust": 0.2, "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_i386.deb" }, { "trust": 0.2, "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_amd64.deb" }, { "trust": 0.2, "url": 
"http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_sparc.deb" }, { "trust": 0.2, "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_sparc.deb" }, { "trust": 0.2, "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_ia64.deb" }, { "trust": 0.2, "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_armel.deb" }, { "trust": 0.2, "url": "http://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1-4+lenny2.diff.gz" }, { "trust": 0.2, "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_mips.deb" }, { "trust": 0.2, "url": "http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_ia64.deb" }, { "trust": 0.1, "url": "http://secunia.com/advisories/37746/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35449/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35581/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/37396/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/33970/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/34723/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1697" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1712" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1687" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1698" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1690" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1681" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1692" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2009-0945" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1714" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1694" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1710" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1693" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1684" }, { "trust": 0.1, "url": "http://packages.debian.org/\u003cpkg\u003e" }, { "trust": 0.1, "url": "http://security.debian.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1711" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1695" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1725" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43068" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43068/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43068/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-39143" }, { "db": "BID", "id": "35260" }, { "db": "BID", "id": "35270" }, { "db": "JVNDB", "id": "JVNDB-2009-001772" }, { "db": "PACKETSTORM", "id": "83813" }, { "db": "PACKETSTORM", "id": "78192" }, { "db": "PACKETSTORM", "id": "83759" }, { "db": "PACKETSTORM", "id": "97846" }, { "db": "CNNVD", "id": "CNNVD-200906-181" }, { "db": "NVD", "id": "CVE-2009-1697" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-39143" }, { "db": "BID", 
"id": "35260" }, { "db": "BID", "id": "35270" }, { "db": "JVNDB", "id": "JVNDB-2009-001772" }, { "db": "PACKETSTORM", "id": "83813" }, { "db": "PACKETSTORM", "id": "78192" }, { "db": "PACKETSTORM", "id": "83759" }, { "db": "PACKETSTORM", "id": "97846" }, { "db": "CNNVD", "id": "CNNVD-200906-181" }, { "db": "NVD", "id": "CVE-2009-1697" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-06-10T00:00:00", "db": "VULHUB", "id": "VHN-39143" }, { "date": "2009-06-08T00:00:00", "db": "BID", "id": "35260" }, { "date": "2009-06-08T00:00:00", "db": "BID", "id": "35270" }, { "date": "2009-07-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001772" }, { "date": "2009-12-14T16:22:20", "db": "PACKETSTORM", "id": "83813" }, { "date": "2009-06-10T12:30:42", "db": "PACKETSTORM", "id": "78192" }, { "date": "2009-12-13T23:35:12", "db": "PACKETSTORM", "id": "83759" }, { "date": "2011-01-25T03:59:20", "db": "PACKETSTORM", "id": "97846" }, { "date": "2009-01-14T00:00:00", "db": "CNNVD", "id": "CNNVD-200906-181" }, { "date": "2009-06-10T18:00:00.483000", "db": "NVD", "id": "CVE-2009-1697" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-02-17T00:00:00", "db": "VULHUB", "id": "VHN-39143" }, { "date": "2009-06-12T22:19:00", "db": "BID", "id": "35260" }, { "date": "2015-03-19T08:51:00", "db": "BID", "id": "35270" }, { "date": "2009-07-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-001772" }, { "date": "2009-06-23T00:00:00", "db": "CNNVD", "id": "CNNVD-200906-181" }, { "date": "2024-11-21T01:03:07.347000", "db": "NVD", "id": "CVE-2009-1697" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": 
"network", "sources": [ { "db": "BID", "id": "35260" }, { "db": "BID", "id": "35270" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Apple In product XMLHttpRequest Processing CRLF Injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-001772" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-200906-181" } ], "trust": 0.6 } }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.