CVE-2009-1697

{"id": "CVE-2009-1697", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-06-10T18:00:00.483", "references": [{"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html", "source": "cve@mitre.org"}, {"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/54992", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/35379", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/37746", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/43068", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1022344", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://support.apple.com/kb/HT3613", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://support.apple.com/kb/HT3639", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2009/dsa-1950", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/35260", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/1522", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/1621", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2011/0212", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n CRLF (se refiere a CR (retorno de carro) y LF (salto de l\u00ednea)) en WebKit en Apple Safari anterior a v4.0. Permite a atacantes remotos inyectar cabeceras HTTP y saltarse la pol\u00edtica \"Same Origin\" a trav\u00e9s de un documento HTML manipulado, relativo a ataques de secuencias de comandos en sitios cruzados (XSS) que dependen de la comunicaci\u00f3n con sitios Web arbitrarios dentro del mismo servidor Web, mediante el uso de XMLHttpRequest sin la cabecera Host."}], "lastModified": "2011-02-17T06:43:40.177", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:mac:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AA3463B-FB1D-4957-A738-946399B1B9DB", "versionEndIncluding": "4.0_beta"}, {"criteria": "cpe:2.3:a:apple:safari:0.8:*:mac:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F5F96DD-BD44-497B-A05E-326819BC46F8"}, {"criteria": "cpe:2.3:a:apple:safari:0.9:*:mac:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B00DC91-9895-405E-B9B4-211ABC3728DB"}, {"criteria": "cpe:2.3:a:apple:safari:1.0:*:mac:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82C4A098-7EAC-4611-B621-3F0EB1B15960"}, {"criteria": "cpe:2.3:a:apple:safari:1.0.3:*:mac:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56B016E7-C403-42AC-BF75-9BA723122A2F"}, {"criteria": "cpe:2.3:a:apple:safari:1.1:*:mac:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83CFAFD2-630E-4DB9-B187-6918CFE3075C"}, {"criteria": "cpe:2.3:a:apple:safari:1.2:*:mac:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F03B8DC9-B295-42A8-904F-3D1F827FFECD"}, {"criteria": "cpe:2.3:a:apple:safari:1.3:*:mac:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1876BC3B-B207-4E81-A0A7-259AFE6F2DEA"}, {"criteria": "cpe:2.3:a:apple:safari:1.3.1:*:mac:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03BBCC9D-E160-4614-B2B8-6359FE644E02"}, {"criteria": "cpe:2.3:a:apple:safari:1.3.2:*:mac:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDB6B46E-30E1-4E16-A941-F5E19AB34493"}, {"criteria": "cpe:2.3:a:apple:safari:2.0:*:mac:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E783789C-C5D4-47A2-A947-D19793B182E2"}, {"criteria": "cpe:2.3:a:apple:safari:2.0.2:*:mac:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE3C68CF-21A2-47D8-84F2-FD3219E90043"}, {"criteria": "cpe:2.3:a:apple:safari:2.0.4:*:mac:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D4AD962-D9AD-48E5-9B53-E3C1593D43CC"}, {"criteria": "cpe:2.3:a:apple:safari:3.0:*:mac:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30FA25DB-3525-4755-B038-6572B2457CF2"}, {"criteria": "cpe:2.3:a:apple:safari:3.0.2:-:mac:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9270F5C4-63B9-48C5-9D6D-9CDA1461205C"}, {"criteria": "cpe:2.3:a:apple:safari:3.0.3:*:mac:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BE1D829-A6C9-4B5C-971B-5515FB92061D"}, {"criteria": "cpe:2.3:a:apple:safari:3.0.4:*:mac:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BC133D1-E120-4B84-85DC-1D528CB77FAA"}, {"criteria": "cpe:2.3:a:apple:safari:3.1:*:mac:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90D8505E-35D2-40A1-9D75-1A023C4DD65E"}, {"criteria": "cpe:2.3:a:apple:safari:3.1.1:*:mac:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D087ECA-D214-4A6B-8F64-7F8AABB14706"}, {"criteria": "cpe:2.3:a:apple:safari:3.1.2:*:mac:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4ABDE92-E8A8-431D-BF9C-9A54667A8664"}, {"criteria": "cpe:2.3:a:apple:safari:3.2.1:*:mac:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94956778-7E73-4B42-B7B1-0D11837B8476"}, {"criteria": "cpe:2.3:a:apple:safari:3.2.3:*:mac:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC54BF41-2BF6-4604-AEFA-532453AB91E5"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1F650EC-4778-4233-9CF5-2B809CE4C799", "versionEndIncluding": "3.2.3"}, {"criteria": "cpe:2.3:a:apple:safari:3.0:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A588615E-EE35-4E19-8BDA-598ED9664686"}, {"criteria": "cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E61C168-482B-412A-97E8-B1C651797EDF"}, {"criteria": "cpe:2.3:a:apple:safari:3.0.2:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32024B14-B4F7-466E-AEF2-0D3A7E8E1060"}, {"criteria": "cpe:2.3:a:apple:safari:3.0.3:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D137F48A-E670-4BDB-B003-C6BB2A33F250"}, {"criteria": "cpe:2.3:a:apple:safari:3.0.4:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85AB4EDB-408D-4D2F-95BE-B578455EFA4E"}, {"criteria": "cpe:2.3:a:apple:safari:3.1:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B256D38-257B-4C3D-9EA5-2255BF3A329C"}, {"criteria": "cpe:2.3:a:apple:safari:3.1.1:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "158AEA23-B5DB-4CBC-8391-2D97233A8E9A"}, {"criteria": "cpe:2.3:a:apple:safari:3.1.2:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "218FBDC4-29AF-4BA1-A3FE-4E19B0E3E654"}, {"criteria": "cpe:2.3:a:apple:safari:3.2:-:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77F31F4B-5305-4D75-9277-95EF99A969A9"}, {"criteria": "cpe:2.3:a:apple:safari:3.2.1:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDE11F09-3D57-4CF0-8165-90FB234CC403"}, {"criteria": "cpe:2.3:a:apple:safari:3.2.2:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99118352-6845-4704-B4A3-F98E8C06E0FD"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}