
CVE-2009-2816

2009-11-13 15:30:00
Debian Security Bug Tracker
security-tracker.debian.org

CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.002 Low
Percentile: 59.5%

The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.

| OS | OS Version | Architecture | Package | Package Version | Filename |
|---|---|---|---|---|---|
| Debian | 10 | all | kde4libs | < 4:4.14.38-3 | kde4libs_4:4.14.38-3_all.deb |
| Debian | 10 | all | qt4-x11 | < 4:4.6.2-4 | qt4-x11_4:4.6.2-4_all.deb |
