Lucene search
HistoryAug 12, 2009 - 7:30 p.m.
CVE-2009-2200
apple safari
webkit
cve-2009-2200
url scheme
vulnerability
nvd
7.1 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:C/I:N/A:N
7.5 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
74.9%
WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document.
Affected configurations
Node
applemac_os_xMatch10.4.
ORapplemac_os_xMatch10.5.7
ORapplemac_os_xMatch10.5.8
ORapplemac_os_x_serverMatch10.4.11
ORapplemac_os_x_serverMatch10.5.7
ORapplemac_os_x_serverMatch10.5.8
ORmicrosoftwindows_vista
ORmicrosoftwindows_xp
applesafariRange≤4.0.2
ORapplesafariMatch0.8
ORapplesafariMatch0.9
ORapplesafariMatch1.0
ORapplesafariMatch1.0beta
ORapplesafariMatch1.0beta2
ORapplesafariMatch1.0.0
ORapplesafariMatch1.0.0b1
ORapplesafariMatch1.0.0b2
ORapplesafariMatch1.0.1
ORapplesafariMatch1.0.2
ORapplesafariMatch1.0.3
ORapplesafariMatch1.0.385.8
ORapplesafariMatch1.0.385.8.1
ORapplesafariMatch1.1
ORapplesafariMatch1.1.0
ORapplesafariMatch1.1.1
ORapplesafariMatch1.2
ORapplesafariMatch1.2.0
ORapplesafariMatch1.2.1
ORapplesafariMatch1.2.2
ORapplesafariMatch1.2.3
ORapplesafariMatch1.2.4
ORapplesafariMatch1.2.5
ORapplesafariMatch1.3
ORapplesafariMatch1.3.0
ORapplesafariMatch1.3.1
ORapplesafariMatch1.3.2
ORapplesafariMatch1.3.2312.5
ORapplesafariMatch1.3.2312.6
ORapplesafariMatch2.0
ORapplesafariMatch2.0.0
ORapplesafariMatch2.0.1
ORapplesafariMatch2.0.2
ORapplesafariMatch2.0.3
ORapplesafariMatch2.0.3417.8
ORapplesafariMatch2.0.3417.9
ORapplesafariMatch2.0.3417.9.2
ORapplesafariMatch2.0.3417.9.3
ORapplesafariMatch2.0.3_417.9.3
ORapplesafariMatch2.0.4
ORapplesafariMatch2.0.4_419.3
ORapplesafariMatch2.0_pre
ORapplesafariMatch3
ORapplesafariMatch3.0
ORapplesafariMatch3.0.0
ORapplesafariMatch3.0.0b
ORapplesafariMatch3.0.1
ORapplesafariMatch3.0.1beta
ORapplesafariMatch3.0.1b
ORapplesafariMatch3.0.2
ORapplesafariMatch3.0.2b
ORapplesafariMatch3.0.3
ORapplesafariMatch3.0.3522.15.5
ORapplesafariMatch3.0.3b
ORapplesafariMatch3.0.4
ORapplesafariMatch3.0.4_beta
ORapplesafariMatch3.0.4b
ORapplesafariMatch3.1
ORapplesafariMatch3.1.0
ORapplesafariMatch3.1.0b
ORapplesafariMatch3.1.1
ORapplesafariMatch3.1.2
ORapplesafariMatch3.2
ORapplesafariMatch3.2.0
ORapplesafariMatch3.2.1
ORapplesafariMatch3.2.2
ORapplesafariMatch4.0
ORapplesafariMatch4.0beta
ORapplesafariMatch4.0.1
ORapplesafariMatch4.0_beta528.16
ORapplesafariMatch4beta
ORapplesafariMatchbeta2
References
Social References
More
Related
prion
prion
Hardcoded credentials
2009-08-12 19:30:00
debiancve
debiancve
CVE-2009-2200
2009-08-12 19:30:00
ubuntucve
ubuntucve
CVE-2009-2200
2009-08-12 00:00:00
cvelist
cvelist
CVE-2009-2200
2009-08-12 19:00:00
nvd
nvd
CVE-2009-2200
2009-08-12 19:30:00
openvas
openvas
Apple Safari Multiple Vulnerabilities (Aug 2009)
2009-08-19 00:00:00
Apple Safari Multiple Vulnerabilities - Aug09
2009-08-19 00:00:00
nessus
nessus
Mac OS X : Apple Safari < 4.0.3
2009-08-11 00:00:00
Safari < 4.0.3 Multiple Vulnerabilities
2009-08-11 00:00:00
Safari < 4.0.3 Multiple Vulnerabilities
2009-08-11 00:00:00
7.1 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:C/I:N/A:N
7.5 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
74.9%
Related for CVE-2009-2200