Lucene search

PRIOn knowledge basePRION:CVE-2009-1699

HistoryJun 10, 2009 - 6:00 p.m.

Design/Logic Flaw

2009-06-1018:00:00

PRIOn knowledge base

www.prio-n.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

0.031 Low

EPSS

Percentile

90.8%

JSON

The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an “XXE attack.”

CPENameOperatorVersion
iphone_osge1.0.0
iphone_osle2.2.1
safarilt4.0
ubuntu_linuxeq9.04
ubuntu_linuxeq8.10
opensuseeq11.2
opensuseeq11.3

Name	Operator	Version
iphone_os	ge	1.0.0
iphone_os	le	2.2.1
safari	lt	4.0
ubuntu_linux	eq	9.04
ubuntu_linux	eq	8.10
opensuse	eq	11.2
opensuse	eq	11.3

References

lists.apple.com/archives/security-announce/2009/jun/msg00002.html

lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

osvdb.org/54972

scary.beasts.org/security/CESA-2009-006.html

secunia.com/advisories/35379

secunia.com/advisories/43068

support.apple.com/kb/HT3613

support.apple.com/kb/HT3639

www.securityfocus.com/bid/35260

www.securityfocus.com/bid/35321

www.ubuntu.com/usn/USN-857-1

www.vupen.com/english/advisories/2009/1522

www.vupen.com/english/advisories/2009/1621

www.vupen.com/english/advisories/2011/0212

scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-fixes-local-file-theft.html

www.exploit-db.com/exploits/8907

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

0.031 Low

EPSS

Percentile

90.8%

JSON

Related for PRION:CVE-2009-1699