CVE-2009-1696

Sažetak

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session.

Reference

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://osvdb.org/55027
http://secunia.com/advisories/35379
http://secunia.com/advisories/43068
http://support.apple.com/kb/HT3613
http://support.apple.com/kb/HT3639
http://www.securityfocus.com/bid/35260
http://www.vupen.com/english/advisories/2009/1522
http://www.vupen.com/english/advisories/2009/1621
http://www.vupen.com/english/advisories/2011/0212

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

17-02-2011 - 06:43

Objavljeno

10-06-2009 - 18:00