CVE-2009-1713

Sažetak

The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors.

Reference

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://osvdb.org/54975
http://secunia.com/advisories/35379
http://secunia.com/advisories/43068
http://support.apple.com/kb/HT3613
http://www.securityfocus.com/bid/35260
http://www.ubuntu.com/usn/USN-857-1
http://www.vupen.com/english/advisories/2009/1522
http://www.vupen.com/english/advisories/2011/0212
https://exchange.xforce.ibmcloud.com/vulnerabilities/51267

CVSS

Base:	7.1
Impact:	6.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:N/A:N

Zadnje važnije ažuriranje

17-08-2017 - 01:30

Objavljeno

10-06-2009 - 18:00