CVE-2009-1693

MEDIUM

Description

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue."

References

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

http://osvdb.org/55004

http://secunia.com/advisories/35379

http://secunia.com/advisories/37746

http://secunia.com/advisories/43068

http://support.apple.com/kb/HT3613

http://support.apple.com/kb/HT3639

http://www.debian.org/security/2009/dsa-1950

http://www.securityfocus.com/bid/35260

http://www.securityfocus.com/bid/35331

http://www.vupen.com/english/advisories/2009/1522

http://www.vupen.com/english/advisories/2009/1621

http://www.vupen.com/english/advisories/2011/0212

Details

Source: MITRE

Published: 2009-06-10

Updated: 2011-02-17

Risk Information

CVSS v2.0

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apple:safari:0.8:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:0.9:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:1.0:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:1.0.3:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:1.1:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:1.2:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:1.3:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:1.3.1:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:1.3.2:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:2.0:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:2.0.2:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:2.0.4:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0.2:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0.3:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0.4:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.1:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.1.1:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.1.2:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.2.1:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.2.3:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:*:-:mac:*:*:*:*:* versions up to 4.0_beta (inclusive)

Configuration 2

OR

cpe:2.3:a:apple:safari:3.0:-:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0.1:-:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0.2:-:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0.3:-:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0.4:-:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.1:-:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.1.1:-:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.1.2:-:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.2:-:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.2.1:-:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.2.2:-:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:*:-:windows:*:*:*:*:* versions up to 3.2.3 (inclusive)

Tenable Plugins

View all (7 total)

IDNameProductFamilySeverity
75629openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)NessusSuSE Local Security Checks
critical
53764openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)NessusSuSE Local Security Checks
critical
44815Debian DSA-1950-1 : webkit - several vulnerabilitiesNessusDebian Local Security Checks
high
39339Safari < 4.0 Multiple VulnerabilitiesNessusWindows
high
39338Mac OS X : Apple Safari < 4.0NessusMacOS X Local Security Checks
high
5046Safari < 4.0 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
800993Safari < 4.0 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high