cvelist / Mitre / CVELIST:CVE-2009-2816
History: Nov 13, 2009 - 3:00 p.m.

CVE-2009-2816

2009-11-13 15:00:00
mitre
www.cve.org

AI Score: 6.2 Medium (Confidence: High)

EPSS: 0.002 Low (Percentile: 60.1%)

The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.
