Lucene search

MitreCVE-2009-1701

HistoryJun 10, 2009 - 6:00 p.m.

CVE-2009-1701

2009-06-1018:00:00

CWE-399

mitre

web.nvd.nist.gov

cve-2009-1701

webkit

apple safari

iphone os

ipod touch

remote code execution

denial of service

application crash

xml

security vulnerability

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.7

Confidence

High

EPSS

0.038

Percentile

92.0%

JSON

Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute.

Affected configurations

Nvd

Node

applesafariRange≤3.2.2

applesafariMatch2.0

applesafariMatch2.0.0

applesafariMatch2.0.1

applesafariMatch2.0.2

applesafariMatch2.0.3

applesafariMatch2.0.3417.8

applesafariMatch2.0.3417.9

applesafariMatch2.0.3417.9.2

applesafariMatch2.0.3417.9.3

applesafariMatch2.0.4

applesafariMatch3.0

applesafariMatch3.0.0

applesafariMatch3.0.0b

applesafariMatch3.0.1

applesafariMatch3.0.1beta

applesafariMatch3.0.1b

applesafariMatch3.0.2

applesafariMatch3.0.2b

applesafariMatch3.0.3

applesafariMatch3.0.3b

applesafariMatch3.0.4

applesafariMatch3.0.4b

applesafariMatch3.1.0

applesafariMatch3.1.0b

applesafariMatch3.1.1

applesafariMatch3.1.2

applesafariMatch3.2.0

applesafariMatch3.2.1

Node

appleiphone_osMatch1.0.0

appleiphone_osMatch1.0.1

appleiphone_osMatch1.0.2

appleiphone_osMatch1.1.0

appleiphone_osMatch1.1.1

appleiphone_osMatch1.1.2

appleiphone_osMatch1.1.3

appleiphone_osMatch1.1.4

appleiphone_osMatch1.1.5

appleiphone_osMatch2.0

appleiphone_osMatch2.0.0

appleiphone_osMatch2.0.1

appleiphone_osMatch2.0.2

appleiphone_osMatch2.1

appleiphone_osMatch2.1.1

appleiphone_osMatch2.2

appleiphone_osMatch2.2.1

AND

appleipod_touch

appleiphone_os

VendorProductVersionCPE
applesafari*cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
applesafari2.0cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*
applesafari2.0.0cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*
applesafari2.0.1cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*
applesafari2.0.2cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*
applesafari2.0.3cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*
applesafari2.0.3cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*
applesafari2.0.3cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*
applesafari2.0.3cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*
applesafari2.0.3cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	safari	*	cpe:2.3:a:apple:safari::::::::
apple	safari	2.0	cpe:2.3:a:apple:safari:2.0:::::::*
apple	safari	2.0.0	cpe:2.3:a:apple:safari:2.0.0:::::::*
apple	safari	2.0.1	cpe:2.3:a:apple:safari:2.0.1:::::::*
apple	safari	2.0.2	cpe:2.3:a:apple:safari:2.0.2:::::::*
apple	safari	2.0.3	cpe:2.3:a:apple:safari:2.0.3:::::::*
apple	safari	2.0.3	cpe:2.3:a:apple:safari:2.0.3:417.8::::::
apple	safari	2.0.3	cpe:2.3:a:apple:safari:2.0.3:417.9::::::
apple	safari	2.0.3	cpe:2.3:a:apple:safari:2.0.3:417.9.2::::::
apple	safari	2.0.3	cpe:2.3:a:apple:safari:2.0.3:417.9.3::::::