CVE-2009-1700

Sažetak

The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document.

Reference

http://secunia.com/advisories/35379
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://www.securityfocus.com/bid/35260
http://www.vupen.com/english/advisories/2009/1522
http://support.apple.com/kb/HT3613
http://osvdb.org/54973
http://support.apple.com/kb/HT3639
http://www.vupen.com/english/advisories/2009/1621
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://secunia.com/advisories/43068
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://www.vupen.com/english/advisories/2011/0212

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

09-08-2022 - 13:48

Objavljeno

10-06-2009 - 18:00