CVE-2009-2797
5.6 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
75.9%
The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server.
References
lists.apple.com/archives/security-announce/2009/Sep/msg00001.html
lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
secunia.com/advisories/36677
secunia.com/advisories/41856
secunia.com/advisories/43068
support.apple.com/kb/HT3860
www.mandriva.com/security/advisories?name=MDVSA-2011:039
www.securityfocus.com/bid/36339
www.ubuntu.com/usn/USN-1006-1
www.vupen.com/english/advisories/2010/2722
www.vupen.com/english/advisories/2011/0212
www.vupen.com/english/advisories/2011/0552
exchange.xforce.ibmcloud.com/vulnerabilities/53187
Related
5.6 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
75.9%