Lucene search

PRIOn knowledge basePRION:CVE-2009-2797

HistorySep 10, 2009 - 9:30 p.m.

Information disclosure

2009-09-1021:30:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

75.4%

JSON

The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server.

CPENameOperatorVersion
iphone_oslt3.1
iphone_oslt3.1.1
ubuntu_linuxeq10.10
ubuntu_linuxeq10.04
ubuntu_linuxeq9.10

Name	Operator	Version
iphone_os	lt	3.1
iphone_os	lt	3.1.1
ubuntu_linux	eq	10.10
ubuntu_linux	eq	10.04
ubuntu_linux	eq	9.10

References

lists.apple.com/archives/security-announce/2009/Sep/msg00001.html

lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

secunia.com/advisories/36677

secunia.com/advisories/41856

secunia.com/advisories/43068

support.apple.com/kb/HT3860

www.mandriva.com/security/advisories?name=MDVSA-2011:039

www.securityfocus.com/bid/36339

www.ubuntu.com/usn/USN-1006-1

www.vupen.com/english/advisories/2010/2722

www.vupen.com/english/advisories/2011/0212

www.vupen.com/english/advisories/2011/0552

exchange.xforce.ibmcloud.com/vulnerabilities/53187

6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

75.4%

JSON

Related for PRION:CVE-2009-2797