5

CVE-2009-2797

EPSS 1.96%
Veröffentlicht 10.09.2009 21:30:01
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ iPhone OS Version < 3.1

Apple ≫ iPhone OS SwPlatformipod_touch Version < 3.1.1

Canonical ≫ Ubuntu Linux Version9.10

Canonical ≫ Ubuntu Linux Version10.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version10.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.96%	0.818

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Third Party Advisory

http://secunia.com/advisories/43068

Third Party Advisory

http://www.vupen.com/english/advisories/2011/0212

Third Party Advisory

http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html

Patch

Vendor Advisory

Mailing List

http://secunia.com/advisories/36677

Third Party Advisory

http://support.apple.com/kb/HT3860

Patch

Vendor Advisory

http://secunia.com/advisories/41856

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2011:039

Third Party Advisory

http://www.securityfocus.com/bid/36339

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/USN-1006-1

Third Party Advisory

http://www.vupen.com/english/advisories/2010/2722

Third Party Advisory

http://www.vupen.com/english/advisories/2011/0552

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/53187

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2009-2797

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2797

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2797

EUVD