Lucene search

[email protected]NVD:CVE-2009-1700

HistoryJun 10, 2009 - 6:00 p.m.

CVE-2009-1700

2009-06-1018:00:00

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

Confidence

High

EPSS

0.007

Percentile

80.0%

JSON

The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document.

Affected configurations

Nvd

Node

applesafariRange≤3.2.2

applesafariMatch2.0

applesafariMatch2.0.0

applesafariMatch2.0.1

applesafariMatch2.0.2

applesafariMatch2.0.3

applesafariMatch2.0.3417.8

applesafariMatch2.0.3417.9

applesafariMatch2.0.3417.9.2

applesafariMatch2.0.3417.9.3

applesafariMatch2.0.4

applesafariMatch3.0

applesafariMatch3.0.0

applesafariMatch3.0.0b

applesafariMatch3.0.1

applesafariMatch3.0.1beta

applesafariMatch3.0.1b

applesafariMatch3.0.2

applesafariMatch3.0.2b

applesafariMatch3.0.3

applesafariMatch3.0.3b

applesafariMatch3.0.4

applesafariMatch3.0.4b

applesafariMatch3.1.0

applesafariMatch3.1.0b

applesafariMatch3.1.1

applesafariMatch3.1.2

applesafariMatch3.2.0

applesafariMatch3.2.1

Node

appleiphone_osMatch1.0.0

appleiphone_osMatch1.0.1

appleiphone_osMatch1.0.2

appleiphone_osMatch1.1.0

appleiphone_osMatch1.1.1

appleiphone_osMatch1.1.2

appleiphone_osMatch1.1.3

appleiphone_osMatch1.1.4

appleiphone_osMatch1.1.5

appleiphone_osMatch2.0

appleiphone_osMatch2.0.0

appleiphone_osMatch2.0.1

appleiphone_osMatch2.0.2

appleiphone_osMatch2.1

appleiphone_osMatch2.1.1

appleiphone_osMatch2.2

appleiphone_osMatch2.2.1

AND

appleipod_touch

appleiphone_os

VendorProductVersionCPE
applesafari*cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
applesafari2.0cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*
applesafari2.0.0cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*
applesafari2.0.1cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*
applesafari2.0.2cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*
applesafari2.0.3cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*
applesafari2.0.3cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*
applesafari2.0.3cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*
applesafari2.0.3cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*
applesafari2.0.3cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	safari	*	cpe:2.3:a:apple:safari::::::::
apple	safari	2.0	cpe:2.3:a:apple:safari:2.0:::::::*
apple	safari	2.0.0	cpe:2.3:a:apple:safari:2.0.0:::::::*
apple	safari	2.0.1	cpe:2.3:a:apple:safari:2.0.1:::::::*
apple	safari	2.0.2	cpe:2.3:a:apple:safari:2.0.2:::::::*
apple	safari	2.0.3	cpe:2.3:a:apple:safari:2.0.3:::::::*
apple	safari	2.0.3	cpe:2.3:a:apple:safari:2.0.3:417.8::::::
apple	safari	2.0.3	cpe:2.3:a:apple:safari:2.0.3:417.9::::::
apple	safari	2.0.3	cpe:2.3:a:apple:safari:2.0.3:417.9.2::::::
apple	safari	2.0.3	cpe:2.3:a:apple:safari:2.0.3:417.9.3::::::