Lucene search

MitreCVE-2009-2200

HistoryAug 12, 2009 - 7:30 p.m.

CVE-2009-2200

2009-08-1219:30:00

CWE-200

mitre

web.nvd.nist.gov

apple safari

webkit

cve-2009-2200

url scheme

vulnerability

nvd

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.004

Percentile

74.9%

JSON

WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document.

Affected configurations

Nvd

Node

applemac_os_xMatch10.4.

applemac_os_xMatch10.5.7

applemac_os_xMatch10.5.8

applemac_os_x_serverMatch10.4.11

applemac_os_x_serverMatch10.5.7

applemac_os_x_serverMatch10.5.8

microsoftwindows_vista

microsoftwindows_xp

AND

applesafariRange≤4.0.2

applesafariMatch0.8

applesafariMatch0.9

applesafariMatch1.0

applesafariMatch1.0beta

applesafariMatch1.0beta2

applesafariMatch1.0.0

applesafariMatch1.0.0b1

applesafariMatch1.0.0b2

applesafariMatch1.0.1

applesafariMatch1.0.2

applesafariMatch1.0.3

applesafariMatch1.0.385.8

applesafariMatch1.0.385.8.1

applesafariMatch1.1

applesafariMatch1.1.0

applesafariMatch1.1.1

applesafariMatch1.2

applesafariMatch1.2.0

applesafariMatch1.2.1

applesafariMatch1.2.2

applesafariMatch1.2.3

applesafariMatch1.2.4

applesafariMatch1.2.5

applesafariMatch1.3

applesafariMatch1.3.0

applesafariMatch1.3.1

applesafariMatch1.3.2

applesafariMatch1.3.2312.5

applesafariMatch1.3.2312.6

applesafariMatch2.0

applesafariMatch2.0.0

applesafariMatch2.0.1

applesafariMatch2.0.2

applesafariMatch2.0.3

applesafariMatch2.0.3417.8

applesafariMatch2.0.3417.9

applesafariMatch2.0.3417.9.2

applesafariMatch2.0.3417.9.3

applesafariMatch2.0.3_417.9.3

applesafariMatch2.0.4

applesafariMatch2.0.4_419.3

applesafariMatch2.0_pre

applesafariMatch3

applesafariMatch3.0

applesafariMatch3.0.0

applesafariMatch3.0.0b

applesafariMatch3.0.1

applesafariMatch3.0.1beta

applesafariMatch3.0.1b

applesafariMatch3.0.2

applesafariMatch3.0.2b

applesafariMatch3.0.3

applesafariMatch3.0.3522.15.5

applesafariMatch3.0.3b

applesafariMatch3.0.4

applesafariMatch3.0.4_beta

applesafariMatch3.0.4b

applesafariMatch3.1

applesafariMatch3.1.0

applesafariMatch3.1.0b

applesafariMatch3.1.1

applesafariMatch3.1.2

applesafariMatch3.2

applesafariMatch3.2.0

applesafariMatch3.2.1

applesafariMatch3.2.2

applesafariMatch4.0

applesafariMatch4.0beta

applesafariMatch4.0.1

applesafariMatch4.0_beta528.16

applesafariMatch4beta

applesafariMatchbeta2

VendorProductVersionCPE
applesafari1.2.2cpe:/a:apple:safari:1.2.2:::
applesafari3.0.3bcpe:/a:apple:safari:3.0.3b:::
applesafari3.2.1cpe:/a:apple:safari:3.2.1:::
applesafaribeta2cpe:/a:apple:safari:beta2:::
applesafari3.0.1cpe:/a:apple:safari:3.0.1:::
applesafari3.1.0bcpe:/a:apple:safari:3.1.0b:::
applesafari1.1.0cpe:/a:apple:safari:1.1.0:::
applesafari3.0.1bcpe:/a:apple:safari:3.0.1b:::
applesafari3.0.3cpe:/a:apple:safari:3.0.3:::
applesafari1.0.0b2cpe:/a:apple:safari:1.0.0b2:::

Vendor	Product	Version	CPE
apple	safari	1.2.2	cpe:/a:apple:safari:1.2.2:::
apple	safari	3.0.3b	cpe:/a:apple:safari:3.0.3b:::
apple	safari	3.2.1	cpe:/a:apple:safari:3.2.1:::
apple	safari	beta2	cpe:/a:apple:safari:beta2:::
apple	safari	3.0.1	cpe:/a:apple:safari:3.0.1:::
apple	safari	3.1.0b	cpe:/a:apple:safari:3.1.0b:::
apple	safari	1.1.0	cpe:/a:apple:safari:1.1.0:::
apple	safari	3.0.1b	cpe:/a:apple:safari:3.0.1b:::
apple	safari	3.0.3	cpe:/a:apple:safari:3.0.3:::
apple	safari	1.0.0b2	cpe:/a:apple:safari:1.0.0b2:::