Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2009-1699
HistoryJun 10, 2009 - 12:00 a.m.

CVE-2009-1699

2009-06-1000:00:00
ubuntu.com
ubuntu.com
9

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

0.031 Low

EPSS

Percentile

90.9%

JSON

The XSL stylesheet implementation in WebKit in Apple Safari before 4.0,
iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1
does not properly handle XML external entities, which allows remote
attackers to read arbitrary files via a crafted DTD, as demonstrated by a
file:///etc/passwd URL in an entity declaration, related to an “XXE
attack.”

Bugs

Notes

Author Note
jdstrand webkit is a fork of khtml from kdelibs. kdelibs5 is farther from it, while qt4-x11 attempts to unify khtml and webkit
mdeslaur PoC: http://scary.beasts.org/security/CESA-2009-006.html PoC: http://www.milw0rm.com/exploits/8907 code doesn’t seem present in kde4libs
OSVersionArchitecturePackageVersionFilename
ubuntu8.10noarchqt4-x11< 4.4.3-0ubuntu1.4UNKNOWN

Related

prion 1
canvas 1
cve 1
debiancve 1
openvas 5
ubuntu 1
nessus 6
osv 1
debian 2
seebug 1
prion
prion
Design/Logic Flaw
2009-06-10 18:00:00
canvas
canvas
Immunity Canvas: SAFARI_FILE_STEALING2
2009-06-10 18:00:00
cve
cve
CVE-2009-1699
2009-06-10 18:00:00
debiancve
debiancve
CVE-2009-1699
2009-06-10 18:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-857-1)
2009-11-11 00:00:00
Ubuntu USN-857-1 (qt4-x11)
2009-11-11 00:00:00
Debian: Security Advisory (DSA-1988-1)
2023-03-08 00:00:00
ubuntu
ubuntu
Qt vulnerabilities
2009-11-10 00:00:00
nessus
nessus
Debian DSA-1988-1 : qt4-x11 - several vulnerabilities
2010-02-24 00:00:00
Ubuntu 8.10 / 9.04 : qt4-x11 vulnerabilities (USN-857-1)
2009-11-11 00:00:00
Mac OS X : Apple Safari < 4.0
2009-06-09 00:00:00
osv
osv
qt4-x11 - several vulnerabilities
2010-02-02 00:00:00
debian
debian
[SECURITY] [DSA-1988-1] New qt4-x11 packages fix several vulnerabilities
2010-02-02 22:44:05
[SECURITY] [DSA-1988-1] New qt4-x11 packages fix several vulnerabilities
2010-02-02 22:44:05
seebug
seebug
Apple Safari 4.0多个安全漏洞
2009-06-11 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

0.031 Low

EPSS

Percentile

90.9%

JSON
Related for UB:CVE-2009-1699
prion1canvas1cve1debiancve1openvas5ubuntu1nessus6osv1debian2seebug1