Oval Definition:oval:org.mitre.oval:def:6516
Revision Date:2013-11-11
Version:7
Title:OPTIONS Request in WebKit in Apple Safari Cross-Site Request Forgery (CSRF) Vulnerability.
Description:The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.
Family:windows
Class:vulnerability
Status:ACCEPTED
Reference(s):CVE-2009-2816
Platform(s):Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Apple Safari
Definition Synopsis
  • Apple Safari is installed
  • AND Apple Safari version is less than 5.31.21.10