CVE-2009-1696

2009-06-1018:00:00

CWE-310

[email protected]

web.nvd.nist.gov

cve-2009-1696

webkit

apple safari

iphone os

ipod touch

javascript

security vulnerability

6.1 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

74.9%

JSON

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session.

CPENameOperatorVersion
apple:safariapple safarieq1.1
apple:safariapple safarieq1.3.1
apple:safariapple safarieq3.2.3
apple:safariapple safarieq2.0.2
apple:safariapple safarieq3.1
apple:safariapple safarieq3.1.2
apple:safariapple safarieq3.0
apple:safariapple safarieq0.8
apple:safariapple safarieq2.0
apple:safariapple safarieq3.0.4

CPE	Name	Operator	Version
apple:safari	apple safari	eq	1.1
apple:safari	apple safari	eq	1.3.1
apple:safari	apple safari	eq	3.2.3
apple:safari	apple safari	eq	2.0.2
apple:safari	apple safari	eq	3.1
apple:safari	apple safari	eq	3.1.2
apple:safari	apple safari	eq	3.0
apple:safari	apple safari	eq	0.8
apple:safari	apple safari	eq	2.0
apple:safari	apple safari	eq	3.0.4