CVE-2009-1693

MEDIUM

Description

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue."

References

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

http://osvdb.org/55004

http://secunia.com/advisories/35379

http://secunia.com/advisories/37746

http://secunia.com/advisories/43068

http://support.apple.com/kb/HT3613

http://support.apple.com/kb/HT3639

http://www.debian.org/security/2009/dsa-1950

http://www.securityfocus.com/bid/35260

http://www.securityfocus.com/bid/35331

http://www.vupen.com/english/advisories/2009/1522

http://www.vupen.com/english/advisories/2009/1621

http://www.vupen.com/english/advisories/2011/0212

Details

Source: MITRE

Published: 2009-06-10

Updated: 2011-02-17

Type: NVD-CWE-Other

Risk Information

CVSS v2.0

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:a:apple:safari:0.8:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:0.9:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:1.0:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:1.0.3:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:1.1:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:1.2:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:1.3:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:1.3.1:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:1.3.2:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:2.0:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:2.0.2:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:2.0.4:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0.2:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0.3:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0.4:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.1:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.1.1:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.1.2:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.2.1:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.2.3:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:*:-:mac:*:*:*:*:* versions up to 4.0_beta (inclusive)

Configuration 2

cpe:2.3:a:apple:safari:3.0:-:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0.1:-:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0.2:-:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0.3:-:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0.4:-:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.1:-:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.1.1:-:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.1.2:-:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.2:-:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.2.1:-:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.2.2:-:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:*:-:windows:*:*:*:*:* versions up to 3.2.3 (inclusive)

Tenable Plugins

View all (7 total)

ID	Name	Product	Family	Severity
75629	openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)	Nessus	SuSE Local Security Checks	critical
53764	openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)	Nessus	SuSE Local Security Checks	critical
44815	Debian DSA-1950-1 : webkit - several vulnerabilities	Nessus	Debian Local Security Checks	high
39339	Safari < 4.0 Multiple Vulnerabilities	Nessus	Windows	high
39338	Mac OS X : Apple Safari < 4.0	Nessus	MacOS X Local Security Checks	high
5046	Safari < 4.0 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
800993	Safari < 4.0 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high