CVE-2009-1697

MEDIUM

Description

CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header.

References

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

http://osvdb.org/54992

http://secunia.com/advisories/35379

http://secunia.com/advisories/37746

http://secunia.com/advisories/43068

http://securitytracker.com/id?1022344

http://support.apple.com/kb/HT3613

http://support.apple.com/kb/HT3639

http://www.debian.org/security/2009/dsa-1950

http://www.securityfocus.com/bid/35260

http://www.vupen.com/english/advisories/2009/1522

http://www.vupen.com/english/advisories/2009/1621

http://www.vupen.com/english/advisories/2011/0212

Details

Source: MITRE

Published: 2009-06-10

Updated: 2011-02-17

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:a:apple:safari:0.8:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:0.9:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:1.0:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:1.0.3:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:1.1:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:1.2:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:1.3:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:1.3.1:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:1.3.2:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:2.0:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:2.0.2:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:2.0.4:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0.2:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0.3:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0.4:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.1:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.1.1:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.1.2:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.2.1:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.2.3:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:*:*:mac:*:*:*:*:* versions up to 4.0_beta (inclusive)

Configuration 2

cpe:2.3:a:apple:safari:3.0:*:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0.2:*:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0.3:*:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0.4:*:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.1:*:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.1.1:*:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.1.2:*:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.2:-:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.2.1:*:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.2.2:*:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:*:*:windows:*:*:*:*:* versions up to 3.2.3 (inclusive)

Tenable Plugins

View all (7 total)

ID	Name	Product	Family	Severity
75629	openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)	Nessus	SuSE Local Security Checks	critical
53764	openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)	Nessus	SuSE Local Security Checks	critical
44815	Debian DSA-1950-1 : webkit - several vulnerabilities	Nessus	Debian Local Security Checks	high
39339	Safari < 4.0 Multiple Vulnerabilities	Nessus	Windows	high
39338	Mac OS X : Apple Safari < 4.0	Nessus	MacOS X Local Security Checks	high
5046	Safari < 4.0 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
800993	Safari < 4.0 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high