Lucene search

K

[email protected]CVE-2009-1725

HistoryJul 09, 2009 - 5:30 p.m.

CVE-2009-1725

2009-07-0917:30:00

CWE-189

[email protected]

web.nvd.nist.gov

42

webkit

apple safari

iphone os

khtml

kdelibs

kde

qtwebkit

qt toolkit

remote code execution

memory corruption

application crash

nvd

7.6 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.037 Low

EPSS

Percentile

91.6%

WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

CPENameOperatorVersion
apple:safariapple safarieq3.0.4b
apple:safariapple safarieq2.0.3
apple:safariapple safarile4.0.1
apple:safariapple safarieq3.0.4
apple:safariapple safarieq3.0.1
apple:safariapple safarieq2.0.1
apple:safariapple safarieq2.0.2
apple:safariapple safarieq3.0.0
apple:safariapple safarieq3.0.2
apple:safariapple safarieq3.0.3b

Rows per page:

1-10 of 491

References

lists.apple.com/archives/security-announce/2009/Jul/msg00000.html

lists.apple.com/archives/security-announce/2009/Sep/msg00001.html

lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

osvdb.org/55739

secunia.com/advisories/35758

secunia.com/advisories/36057

secunia.com/advisories/36062

secunia.com/advisories/36347

secunia.com/advisories/36677

secunia.com/advisories/36790

secunia.com/advisories/37746

secunia.com/advisories/43068

support.apple.com/kb/HT3666

support.apple.com/kb/HT3860

websvn.kde.org/?view=rev&revision=1002162

websvn.kde.org/?view=rev&revision=1002163

websvn.kde.org/?view=rev&revision=1002164

www.debian.org/security/2009/dsa-1950

www.mandriva.com/security/advisories?name=MDVSA-2009:330

www.securityfocus.com/bid/35607

www.securitytracker.com/id?1022526

www.ubuntu.com/usn/USN-836-1

www.ubuntu.com/usn/USN-857-1

www.vupen.com/english/advisories/2009/1827

www.vupen.com/english/advisories/2011/0212

bugzilla.redhat.com/show_bug.cgi?id=513813

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5777

www.redhat.com/archives/fedora-package-announce/2009-August/msg00931.html

www.redhat.com/archives/fedora-package-announce/2009-August/msg00933.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html

7.6 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.037 Low

EPSS

Percentile

91.6%

Related for CVE-2009-1725

nessus21 fedora17 openvas38 ubuntucve1 prion1 debiancve1 ubuntu2 osv2 debian3