Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2009-1699 | First vendor Publication | 2009-06-10 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | |||
|---|---|---|---|
| Overall CVSS Score | 7.5 | ||
| Base Score | 7.5 | Environmental Score | 7.5 |
| impact SubScore | 3.6 | Temporal Score | 7.5 |
| Exploitabality Sub Score | 3.9 | ||
| Attack Vector | Network | Attack Complexity | Low |
| Privileges Required | None | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | None | Availability Impact | None |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 7.1 | Attack Range | Network |
| Cvss Impact Score | 6.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack." |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1699 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-611 | Information Leak Through XML External Entity File Disclosure |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-11-11 | Name : Ubuntu USN-857-1 (qt4-x11) File : nvt/ubuntu_857_1.nasl |
| 2009-06-16 | Name : Apple Safari Multiple Vulnerabilities June-09 (Win) - II File : nvt/gb_apple_safari_mult_vuln_jun09_2.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 54972 | Apple Safari WebKit XML External Entity Handling Arbitrary File Disclosure |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libwebkit-110104.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libwebkit-110111.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1988.nasl - Type : ACT_GATHER_INFO |
| 2009-11-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-857-1.nasl - Type : ACT_GATHER_INFO |
| 2009-06-09 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : macosx_Safari4_0.nasl - Type : ACT_GATHER_INFO |
| 2009-06-09 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_4.0.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:11:08 |
|
| 2024-11-28 12:18:58 |
|
| 2024-08-02 12:11:33 |
|
| 2024-08-02 01:03:08 |
|
| 2024-02-10 09:28:09 |
|
| 2022-08-09 17:27:47 |
|
| 2021-05-04 12:09:34 |
|
| 2021-04-22 01:09:55 |
|
| 2021-04-10 12:05:23 |
|
| 2020-05-23 01:40:25 |
|
| 2020-05-23 00:23:47 |
|
| 2017-11-29 12:03:00 |
|
| 2017-11-23 12:03:02 |
|
| 2017-09-29 09:24:13 |
|
| 2016-06-28 17:41:56 |
|
| 2016-04-27 09:41:37 |
|
| 2016-04-26 18:50:03 |
|
| 2014-06-14 13:28:14 |
|
| 2014-02-17 10:50:05 |
|
| 2013-05-10 23:50:42 |
|
