CVE-2009-1700

The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html	Patch Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://osvdb.org/54973
http://secunia.com/advisories/35379	Vendor Advisory
http://secunia.com/advisories/43068
http://support.apple.com/kb/HT3613	Patch Vendor Advisory
http://support.apple.com/kb/HT3639
http://www.securityfocus.com/bid/35260	Exploit
http://www.vupen.com/english/advisories/2009/1522	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2009/1621
http://www.vupen.com/english/advisories/2011/0212
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html	Patch Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://osvdb.org/54973
http://secunia.com/advisories/35379	Vendor Advisory
http://secunia.com/advisories/43068
http://support.apple.com/kb/HT3613	Patch Vendor Advisory
http://support.apple.com/kb/HT3639
http://www.securityfocus.com/bid/35260	Exploit
http://www.vupen.com/english/advisories/2009/1522	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2009/1621
http://www.vupen.com/english/advisories/2011/0212

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:a:apple:safari:2.0:::::::*
	cpe:2.3:a:apple:safari:2.0.0:::::::*
	cpe:2.3:a:apple:safari:2.0.1:::::::*
	cpe:2.3:a:apple:safari:2.0.2:::::::*
	cpe:2.3:a:apple:safari:2.0.3:::::::*
	cpe:2.3:a:apple:safari:2.0.3:417.8::::::
	cpe:2.3:a:apple:safari:2.0.3:417.9::::::
	cpe:2.3:a:apple:safari:2.0.3:417.9.2::::::
	cpe:2.3:a:apple:safari:2.0.3:417.9.3::::::
	cpe:2.3:a:apple:safari:2.0.4:::::::*
	cpe:2.3:a:apple:safari:3.0:::::::*
	cpe:2.3:a:apple:safari:3.0.0:::::::*
	cpe:2.3:a:apple:safari:3.0.0b:::::::*
	cpe:2.3:a:apple:safari:3.0.1:::::::*
	cpe:2.3:a:apple:safari:3.0.1:beta::::::
	cpe:2.3:a:apple:safari:3.0.1b:::::::*
	cpe:2.3:a:apple:safari:3.0.2:::::::*
	cpe:2.3:a:apple:safari:3.0.2b:::::::*
	cpe:2.3:a:apple:safari:3.0.3:::::::*
	cpe:2.3:a:apple:safari:3.0.3b:::::::*
	cpe:2.3:a:apple:safari:3.0.4:::::::*
	cpe:2.3:a:apple:safari:3.0.4b:::::::*
	cpe:2.3:a:apple:safari:3.1.0:::::::*
	cpe:2.3:a:apple:safari:3.1.0b:::::::*
	cpe:2.3:a:apple:safari:3.1.1:::::::*
	cpe:2.3:a:apple:safari:3.1.2:::::::*
	cpe:2.3:a:apple:safari:3.2.0:::::::*
	cpe:2.3:a:apple:safari:3.2.1:::::::*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:apple:iphone_os:1.0.0:::::::*
	cpe:2.3:o:apple:iphone_os:1.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:1.0.2:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.0:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.1:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.2:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.3:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.4:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.5:::::::*
	cpe:2.3:o:apple:iphone_os:2.0:::::::*
	cpe:2.3:o:apple:iphone_os:2.0.0:::::::*
	cpe:2.3:o:apple:iphone_os:2.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:2.0.2:::::::*
	cpe:2.3:o:apple:iphone_os:2.1:::::::*
	cpe:2.3:o:apple:iphone_os:2.1.1:::::::*
	cpe:2.3:o:apple:iphone_os:2.2:::::::*
	cpe:2.3:o:apple:iphone_os:2.2.1:::::::*

OR	cpe:2.3:h:apple:ipod_touch::::::::
	cpe:2.3:o:apple:iphone_os::::::::

History

21 Nov 2024, 01:03

Type	Values Removed	Values Added
References	~~() http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html -~~	() http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html -
References	~~() http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html - Patch, Vendor Advisory~~	() http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html - Patch, Vendor Advisory
References	~~() http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html -~~	() http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html -
References	~~() http://osvdb.org/54973 -~~	() http://osvdb.org/54973 -
References	~~() http://secunia.com/advisories/35379 - Vendor Advisory~~	() http://secunia.com/advisories/35379 - Vendor Advisory
References	~~() http://secunia.com/advisories/43068 -~~	() http://secunia.com/advisories/43068 -
References	~~() http://support.apple.com/kb/HT3613 - Patch, Vendor Advisory~~	() http://support.apple.com/kb/HT3613 - Patch, Vendor Advisory
References	~~() http://support.apple.com/kb/HT3639 -~~	() http://support.apple.com/kb/HT3639 -
References	~~() http://www.securityfocus.com/bid/35260 - Exploit~~	() http://www.securityfocus.com/bid/35260 - Exploit
References	~~() http://www.vupen.com/english/advisories/2009/1522 - Patch, Vendor Advisory~~	() http://www.vupen.com/english/advisories/2009/1522 - Patch, Vendor Advisory
References	~~() http://www.vupen.com/english/advisories/2009/1621 -~~	() http://www.vupen.com/english/advisories/2009/1621 -
References	~~() http://www.vupen.com/english/advisories/2011/0212 -~~	() http://www.vupen.com/english/advisories/2011/0212 -

Information

Published : 2009-06-10 18:00

Updated : 2025-04-09 00:30

NVD link : CVE-2009-1700

Mitre link : CVE-2009-1700

CVE.ORG link : CVE-2009-1700

JSON object : View

Products Affected

apple

safari
ipod_touch
iphone_os

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

4.3 /10