Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1700

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2009-1700
Last Modified 30 Mar 2012 12:00:00
Published 10 Jun 2009 02:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-1700

Summary

The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document.

Vulnerable Systems

Operating System

  • Apple Iphone Os 1.0.0

  • Apple Iphone Os 1.0.1

  • Apple Iphone Os 1.0.2

  • Apple Iphone Os 1.1.0

  • Apple Iphone Os 1.1.1

  • Apple Iphone Os 1.1.2

  • Apple Iphone Os 1.1.3

  • Apple Iphone Os 1.1.4

  • Apple Iphone Os 1.1.5

  • Apple Iphone Os 2.0

  • Apple Iphone Os 2.0.0

  • Apple Iphone Os 2.0.1

  • Apple Iphone Os 2.0.2

  • Apple Iphone Os 2.1

  • Apple Iphone Os 2.1.1

  • Apple Iphone Os 2.2

  • Apple Iphone Os 2.2.1

Application

  • Apple Safari 0.8

  • Apple Safari 0.9

  • Apple Safari 1.0

  • Apple Safari 1.0.3

  • Apple Safari 1.1

  • Apple Safari 1.2

  • Apple Safari 1.3

  • Apple Safari 1.3.1

  • Apple Safari 1.3.2

  • Apple Safari 2.0

  • Apple Safari 2.0.0

  • Apple Safari 2.0.1

  • Apple Safari 2.0.2

  • Apple Safari 2.0.3

  • Apple Safari 2.0.4

  • Apple Safari 3.0

  • Apple Safari 3.0.0

  • Apple Safari 3.0.0b

  • Apple Safari 3.0.1

  • Apple Safari 3.0.1b

  • Apple Safari 3.0.2

  • Apple Safari 3.0.2b

  • Apple Safari 3.0.3

  • Apple Safari 3.0.3b

  • Apple Safari 3.0.4

  • Apple Safari 3.0.4b

  • Apple Safari 3.1

  • Apple Safari 3.1.0

  • Apple Safari 3.1.0b

  • Apple Safari 3.1.1

  • Apple Safari 3.1.2

  • Apple Safari 3.2

  • Apple Safari 3.2.0

  • Apple Safari 3.2.1

  • Apple Safari 3.2.2

  • Apple Safari 3.2.3

  • Apple Safari 4.0 Beta


References

VUPEN - ADV-2009-1522

CONFIRM - http://support.apple.com/kb/HT3613

APPLE - APPLE-SA-2009-06-08-1

VUPEN - ADV-2011-0212

VUPEN - ADV-2009-1621

BID - 35260

CONFIRM - http://support.apple.com/kb/HT3639

SECUNIA - 43068

SECUNIA - 35379

OSVDB - 54973

SUSE - SUSE-SR:2011:002

APPLE - APPLE-SA-2009-06-17-1

Related Patches

Apple 2009-06-08 Safari Update 4.0.1 (Leopard)

Apple 2009-06-08 Safari Update 4 (Tiger)


Last Updated: 27 May 2016 10:42:31