Lucene search

[email protected]CVE-2009-2419

HistoryJul 09, 2009 - 4:30 p.m.

CVE-2009-2419

2009-07-0916:30:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2009-2419

use-after-free vulnerability

webkit

apple safari 4.0

denial of service

remote code execution

crafted html document

javascript reload function.

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

8.6 High

AI Score

Confidence

High

0.228 Low

EPSS

Percentile

96.5%

JSON

Use-after-free vulnerability in the servePendingRequests function in WebCore in WebKit in Apple Safari 4.0 and 4.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted HTML document that references a zero-length .js file and the JavaScript reload function. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

applesafariMatch4.0

applesafariMatch4.0.1

CPENameOperatorVersion
apple:safariapple safarieq4.0
apple:safariapple safarieq4.0.1

CPE	Name	Operator	Version
apple:safari	apple safari	eq	4.0
apple:safari	apple safari	eq	4.0.1

References

lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

marcell-dietl.de/index/adv_safari_4_x_js_reload_dos.php

secunia.com/advisories/33495

secunia.com/advisories/43068

trac.webkit.org/changeset/44519

www.osvdb.org/55587

www.securityfocus.com/bid/35555

www.vupen.com/english/advisories/2011/0212

exchange.xforce.ibmcloud.com/vulnerabilities/51533

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

8.6 High

AI Score

Confidence

High

0.228 Low

EPSS

Percentile

96.5%

JSON

Related for CVE-2009-2419

openvas2 cvelist1 prion1 ubuntucve1 nvd1 nessus2