Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2009-2841
HistoryNov 13, 2009 - 3:30 p.m.

CVE-2009-2841

2009-11-1315:30:00
NVD-CWE-Other
[email protected]
web.nvd.nist.gov
36
cve-2009-2841
htmlmediaelement
loadresource
webkit
webcore
safari
mac os x
remote attackers
sub-resource requests
html 5
nvd

5.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.3%

JSON

The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers to trigger sub-resource requests to arbitrary web sites via a crafted HTML document, as demonstrated by an HTML e-mail message that uses a media element for X-Confirm-Reading-To functionality, aka rdar problem 7271202.

References

Related

seebug 2
ubuntucve 1
debiancve 1
prion 1
cvelist 1
nessus 10
threatpost 2
fedora 2
openvas 7
seebug
seebug
WebKit资源装载回调信息泄漏漏洞
2009-11-16 00:00:00
Safari 4.0.4版本修复多个安全漏洞
2009-11-13 00:00:00
ubuntucve
ubuntucve
CVE-2009-2841
2009-11-13 00:00:00
debiancve
debiancve
CVE-2009-2841
2009-11-13 15:30:00
prion
prion
Design/Logic Flaw
2009-11-13 15:30:00
cvelist
cvelist
CVE-2009-2841
2009-11-13 15:00:00
nessus
nessus
Fedora 13 : qt-4.6.3-8.fc13 (2010-11011)
2010-07-14 00:00:00
Fedora 12 : qt-4.6.3-8.fc12 (2010-11020)
2010-07-14 00:00:00
Mac OS X : Apple Safari < 4.0.4
2009-11-12 00:00:00
threatpost
threatpost
Apple Plugs Critical iPhone Security Holes
2010-02-02 19:05:36
Apple Patches Critical Safari Vulnerabilities
2009-11-11 21:45:09
fedora
fedora
[SECURITY] Fedora 13 Update: qt-4.6.3-8.fc13
2010-07-13 07:40:16
[SECURITY] Fedora 12 Update: qt-4.6.3-8.fc12
2010-07-13 07:43:47
openvas
openvas
Fedora Update for qt FEDORA-2010-11011
2010-07-16 00:00:00
Fedora Update for qt FEDORA-2010-11011
2010-07-16 00:00:00
Fedora Update for qt FEDORA-2010-11020
2010-07-16 00:00:00

5.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.3%

JSON
Related for CVE-2009-2841
seebug2ubuntucve1debiancve1prion1cvelist1nessus10threatpost2fedora2openvas7