Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2009-1699
HistoryJun 10, 2009 - 6:00 p.m.

CVE-2009-1699

2009-06-1018:00:00
CWE-611
[email protected]
web.nvd.nist.gov
46
cve-2009-1699
xsl stylesheet
webkit
apple safari
iphone os
xxe attack
dtd
xml external entities
security vulnerability

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.9 Medium

AI Score

Confidence

High

0.031 Low

EPSS

Percentile

91.1%

JSON

The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an “XXE attack.”

Affected configurations

NVD
Node
applesafariRange<4.0
OR
appleiphone_osRange1.0.02.2.1
Node
canonicalubuntu_linuxMatch8.10
OR
canonicalubuntu_linuxMatch9.04
Node
opensuseopensuseMatch11.2
OR
opensuseopensuseMatch11.3

Related

cvelist 1
nvd 1
prion 1
canvas 1
ubuntucve 1
debiancve 1
openvas 5
nessus 6
ubuntu 1
osv 1
debian 2
seebug 1
cvelist
cvelist
CVE-2009-1699
2009-06-10 17:37:00
nvd
nvd
CVE-2009-1699
2009-06-10 18:00:00
prion
prion
Design/Logic Flaw
2009-06-10 18:00:00
canvas
canvas
Immunity Canvas: SAFARI_FILE_STEALING2
2009-06-10 18:00:00
ubuntucve
ubuntucve
CVE-2009-1699
2009-06-10 00:00:00
debiancve
debiancve
CVE-2009-1699
2009-06-10 18:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-857-1)
2009-11-11 00:00:00
Ubuntu USN-857-1 (qt4-x11)
2009-11-11 00:00:00
Debian: Security Advisory (DSA-1988-1)
2023-03-08 00:00:00
nessus
nessus
Ubuntu 8.10 / 9.04 : qt4-x11 vulnerabilities (USN-857-1)
2009-11-11 00:00:00
Debian DSA-1988-1 : qt4-x11 - several vulnerabilities
2010-02-24 00:00:00
Mac OS X : Apple Safari < 4.0
2009-06-09 00:00:00
ubuntu
ubuntu
Qt vulnerabilities
2009-11-10 00:00:00
osv
osv
qt4-x11 - several vulnerabilities
2010-02-02 00:00:00
debian
debian
[SECURITY] [DSA-1988-1] New qt4-x11 packages fix several vulnerabilities
2010-02-02 22:44:05
[SECURITY] [DSA-1988-1] New qt4-x11 packages fix several vulnerabilities
2010-02-02 22:44:05
seebug
seebug
Apple Safari 4.0多个安全漏洞
2009-06-11 00:00:00

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.9 Medium

AI Score

Confidence

High

0.031 Low

EPSS

Percentile

91.1%

JSON
Related for CVE-2009-1699
cvelist1nvd1prion1canvas1ubuntucve1debiancve1openvas5nessus6ubuntu1osv1debian2seebug1