[email protected]CVE-2009-1691

HistoryJun 10, 2009 - 2:30 p.m.

CVE-2009-1691

2009-06-1014:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2009-1691

cross-site scripting

xss

webkit

apple safari

iphone os

remote attackers

javascript

access control

5.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.9%

JSON

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to insufficient access control for standard JavaScript prototypes in other domains.

CPENameOperatorVersion
apple:safariapple safarieq3.1.2
apple:safariapple safarieq3.2.1
apple:safariapple safarieq0.9
apple:safariapple safarieq1.3.2
apple:safariapple safarieq1.2
apple:safariapple safarieq3.0.4
apple:safariapple safarieq3.0.3
apple:safariapple safarieq1.3.1
apple:safariapple safarieq2.0.4
apple:safariapple safarieq3.0

CPE	Name	Operator	Version
apple:safari	apple safari	eq	3.1.2
apple:safari	apple safari	eq	3.2.1
apple:safari	apple safari	eq	0.9
apple:safari	apple safari	eq	1.3.2
apple:safari	apple safari	eq	1.2
apple:safari	apple safari	eq	3.0.4
apple:safari	apple safari	eq	3.0.3
apple:safari	apple safari	eq	1.3.1
apple:safari	apple safari	eq	2.0.4
apple:safari	apple safari	eq	3.0

Rows per page:

1-10 of 251

References

lists.apple.com/archives/security-announce/2009/jun/msg00002.html

lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

osvdb.org/54989

secunia.com/advisories/35379

secunia.com/advisories/43068

securitytracker.com/id?1022344

support.apple.com/kb/HT3613

support.apple.com/kb/HT3639

www.securityfocus.com/bid/35260

www.securityfocus.com/bid/35330

www.vupen.com/english/advisories/2009/1522

www.vupen.com/english/advisories/2009/1621

www.vupen.com/english/advisories/2011/0212

5.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.9%

JSON

Related for CVE-2009-1691

debiancve1 prion1 ubuntucve1 openvas2 seebug1 nessus4