CVE-2009-2419

medium

Description

Use-after-free vulnerability in the servePendingRequests function in WebCore in WebKit in Apple Safari 4.0 and 4.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted HTML document that references a zero-length .js file and the JavaScript reload function. NOTE: some of these details are obtained from third party information.

References

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

http://marcell-dietl.de/index/adv_safari_4_x_js_reload_dos.php

http://secunia.com/advisories/33495

http://secunia.com/advisories/43068

http://trac.webkit.org/changeset/44519

http://www.osvdb.org/55587

http://www.securityfocus.com/bid/35555

http://www.vupen.com/english/advisories/2011/0212

https://exchange.xforce.ibmcloud.com/vulnerabilities/51533

Details

Source: MITRE

Published: 2009-07-09

Updated: 2017-08-17

Type: CWE-399

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins


| ID | Name | Product | Family | Severity |
|----|------|---------|--------|----------|
| 75629 | openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1) | Nessus | SuSE Local Security Checks | critical |
| 53764 | openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1) | Nessus | SuSE Local Security Checks | critical |