ubuntucve | Ubuntu.com | UB:CVE-2009-1697
Jun 10, 2009 - 12:00 a.m.

CVE-2009-1697


CVSS2: 4.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.006
Percentile: 78.8%

CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone
OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows
remote attackers to inject HTTP headers and bypass the Same Origin Policy
via a crafted HTML document, related to cross-site scripting (XSS) attacks
that depend on communication with arbitrary web sites on the same server
through use of XMLHttpRequest without a Host header.

Bugs

Notes

Author: Note
jdstrand: webkit is a fork of khtml from kdelibs. kdelibs5 is farther from it, while qt4-x11 attempts to unify khtml and webkit
mdeslaur: code doesn't seem present in kde4libs; commit doesn't look like it matches the CVE
