Lucene search

[email protected]NVD:CVE-2009-1697

HistoryJun 10, 2009 - 6:00 p.m.

CVE-2009-1697

2009-06-1018:00:00

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

High

EPSS

0.006

Percentile

78.8%

JSON

CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header.

Affected configurations

Nvd

Node

applesafariRange≤4.0_betamac

applesafariMatch0.8mac

applesafariMatch0.9mac

applesafariMatch1.0mac

applesafariMatch1.0.3mac

applesafariMatch1.1mac

applesafariMatch1.2mac

applesafariMatch1.3mac

applesafariMatch1.3.1mac

applesafariMatch1.3.2mac

applesafariMatch2.0mac

applesafariMatch2.0.2mac

applesafariMatch2.0.4mac

applesafariMatch3.0mac

applesafariMatch3.0.2-mac

applesafariMatch3.0.3mac

applesafariMatch3.0.4mac

applesafariMatch3.1mac

applesafariMatch3.1.1mac

applesafariMatch3.1.2mac

applesafariMatch3.2.1mac

applesafariMatch3.2.3mac

Node

applesafariRange≤3.2.3windows

applesafariMatch3.0windows

applesafariMatch3.0.1windows

applesafariMatch3.0.2windows

applesafariMatch3.0.3windows

applesafariMatch3.0.4windows

applesafariMatch3.1windows

applesafariMatch3.1.1windows

applesafariMatch3.1.2windows

applesafariMatch3.2-windows

applesafariMatch3.2.1windows

applesafariMatch3.2.2windows

VendorProductVersionCPE
applesafari*cpe:2.3:a:apple:safari:*:*:mac:*:*:*:*:*
applesafari0.8cpe:2.3:a:apple:safari:0.8:*:mac:*:*:*:*:*
applesafari0.9cpe:2.3:a:apple:safari:0.9:*:mac:*:*:*:*:*
applesafari1.0cpe:2.3:a:apple:safari:1.0:*:mac:*:*:*:*:*
applesafari1.0.3cpe:2.3:a:apple:safari:1.0.3:*:mac:*:*:*:*:*
applesafari1.1cpe:2.3:a:apple:safari:1.1:*:mac:*:*:*:*:*
applesafari1.2cpe:2.3:a:apple:safari:1.2:*:mac:*:*:*:*:*
applesafari1.3cpe:2.3:a:apple:safari:1.3:*:mac:*:*:*:*:*
applesafari1.3.1cpe:2.3:a:apple:safari:1.3.1:*:mac:*:*:*:*:*
applesafari1.3.2cpe:2.3:a:apple:safari:1.3.2:*:mac:*:*:*:*:*

Vendor	Product	Version	CPE
apple	safari	*	cpe:2.3:a:apple:safari:::mac:::::*
apple	safari	0.8	cpe:2.3:a:apple:safari:0.8::mac:::::
apple	safari	0.9	cpe:2.3:a:apple:safari:0.9::mac:::::
apple	safari	1.0	cpe:2.3:a:apple:safari:1.0::mac:::::
apple	safari	1.0.3	cpe:2.3:a:apple:safari:1.0.3::mac:::::
apple	safari	1.1	cpe:2.3:a:apple:safari:1.1::mac:::::
apple	safari	1.2	cpe:2.3:a:apple:safari:1.2::mac:::::
apple	safari	1.3	cpe:2.3:a:apple:safari:1.3::mac:::::
apple	safari	1.3.1	cpe:2.3:a:apple:safari:1.3.1::mac:::::
apple	safari	1.3.2	cpe:2.3:a:apple:safari:1.3.2::mac:::::