Vulnerability CVE-2009-1725 - CERT Civis.Net

Vulnerability Name:

CVE-2009-1725 (CCN-51610)

Assigned:

2009-07-08

Published:

2009-07-08

Updated:

2022-08-09

Summary:

WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2009-1725

Source: APPLE
Type: Patch, Vendor Advisory
APPLE-SA-2009-07-08-1

Source: APPLE
Type: UNKNOWN
APPLE-SA-2009-09-09-1

Source: SUSE
Type: UNKNOWN
SUSE-SR:2011:002

Source: OSVDB
Type: UNKNOWN
55739

Source: CCN
Type: SA35758
Apple Safari Two WebKit Component Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
35758

Source: SECUNIA
Type: UNKNOWN
36057

Source: SECUNIA
Type: UNKNOWN
36062

Source: SECUNIA
Type: UNKNOWN
36347

Source: CCN
Type: SA36677
Apple iPhone / iPod touch Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
36677

Source: SECUNIA
Type: UNKNOWN
36790

Source: SECUNIA
Type: UNKNOWN
37746

Source: SECUNIA
Type: UNKNOWN
43068

Source: CCN
Type: SECTRACK ID: 1022526
Apple Safari WebKit Bug in Procesing Numeric Character References Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: Apple Web site
About the security content of Safari 4.0.2

Source: CONFIRM
Type: Patch, Vendor Advisory
http://support.apple.com/kb/HT3666

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3860

Source: CONFIRM
Type: UNKNOWN
http://websvn.kde.org/?view=rev&revision=1002162

Source: CONFIRM
Type: UNKNOWN
http://websvn.kde.org/?view=rev&revision=1002163

Source: CCN
Type: The KDE Source Repository
Revision 1002164

Source: CONFIRM
Type: UNKNOWN
http://websvn.kde.org/?view=rev&revision=1002164

Source: DEBIAN
Type: UNKNOWN
DSA-1950

Source: DEBIAN
Type: DSA-1950
webkit -- several vulnerabilities

Source: DEBIAN
Type: DSA-1988
qt4-x11 -- several vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:330

Source: CCN
Type: OSVDB ID: 55739
Apple Safari WebKit Numeric Character References Handling Memory Corruption

Source: BID
Type: Patch
35607

Source: CCN
Type: BID-35607
WebKit Numeric Character References Remote Memory Corruption Vulnerability

Source: SECTRACK
Type: UNKNOWN
1022526

Source: CCN
Type: USN-836-1
WebKit vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-836-1

Source: CCN
Type: USN-857-1
Qt vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-857-1

Source: VUPEN
Type: UNKNOWN
ADV-2009-1827

Source: VUPEN
Type: UNKNOWN
ADV-2011-0212

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=513813

Source: XF
Type: UNKNOWN
safari-character-code-execution(51610)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:5777

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-8800

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-8802

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-8039

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-8049

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-8046

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-8020

Source: SUSE
Type: SUSE-SR:2011:002
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:apple:safari:3.0.4b:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*

OR cpe:/a:apple:safari:*:*:*:*:*:*:*:* (Version <= 4.0.1)

OR cpe:/a:apple:safari:3.0.4:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.1:beta:*:*:*:*:*:*

OR cpe:/a:apple:safari:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:2.0.3:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.0:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.1.1:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.1.0b:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.2:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:4.0.0b:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.1.0:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.1:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:2.0.3:417.9:*:*:*:*:*:*

OR cpe:/a:apple:safari:2.0.3:417.8:*:*:*:*:*:*

OR cpe:/a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*

OR cpe:/a:apple:safari:4.0:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.2.2:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.3b:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.0b:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.1.2:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.3:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:2.0.4:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:2.0.0:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:2.0:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.1b:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.2.1:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.2.0:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.2b:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:apple:iphone_os:3.0:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.2:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:*:*:*:*:*:*:*:* (Version <= 3.0.1)

OR cpe:/o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.0:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*

AND

cpe:/o:apple:iphone_os:*:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:apple:iphone_os:3.0:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.2:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.0:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:*:*:*:*:*:*:*:* (Version <= 3.1)

OR cpe:/o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.1:*:*:*:*:*:*:*

AND

cpe:/h:apple:ipod_touch:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:apple:iphone_os:1.0:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*

OR cpe:/h:apple:ipod_touch:1.1:*:*:*:*:*:*:*

OR cpe:/h:apple:ipod_touch:1.1.1:*:*:*:*:*:*:*

OR cpe:/h:apple:ipod_touch:1.1.2:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*

OR cpe:/h:apple:ipod_touch:1.1.3:*:*:*:*:*:*:*

OR cpe:/h:apple:ipod_touch:1.1.4:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*

OR cpe:/h:apple:ipod_touch:2.0.2:*:*:*:*:*:*:*

OR cpe:/h:apple:ipod_touch:2.0.1:*:*:*:*:*:*:*

OR cpe:/h:apple:ipod_touch:2.0:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.0:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:4.0:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:4.0.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:3.0:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.2:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*

AND

cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.7:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20091725	V	CVE-2009-1725	2022-05-20
oval:org.opensuse.security:def:32186	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:29414	P	Security update for aspell (Important)	2021-08-25
oval:org.opensuse.security:def:32279	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-03-17
oval:org.opensuse.security:def:29378	P	Security update for java-1_7_1-ibm (Moderate)	2021-01-04
oval:org.opensuse.security:def:27968	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:33427	P	Security update for Samba	2020-12-01
oval:org.opensuse.security:def:28680	P	Security update for flash-player	2020-12-01
oval:org.opensuse.security:def:32423	P	Security update for wpa_supplicant (Moderate)	2020-12-01
oval:org.opensuse.security:def:28162	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31966	P	Security update for icu (Important)	2020-12-01
oval:org.opensuse.security:def:28740	P	Security update for libevent	2020-12-01
oval:org.opensuse.security:def:32635	P	apache2-mod_php5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28303	P	Security update for ocaml (Moderate)	2020-12-01
oval:org.opensuse.security:def:31978	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:32723	P	libopenssl0_9_8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28539	P	Security update for CUPS	2020-12-01
oval:org.opensuse.security:def:27957	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:32789	P	sudo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28641	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:32336	P	Security update for sane-backends (Moderate)	2020-12-01
oval:org.opensuse.security:def:28032	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:33466	P	Security update for kdelibs	2020-12-01
oval:org.opensuse.security:def:28696	P	Security update for glibc	2020-12-01
oval:org.opensuse.security:def:32579	P	mozilla-xulrunner190 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28246	P	Security update for libxml2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31967	P	Security update for intel-SINIT (Important)	2020-12-01
oval:org.opensuse.security:def:32684	P	ipsec-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28387	P	Security update for rubygem-rack-1_4 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32052	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:27956	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:32745	P	lvm2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28592	P	Security update for openssl-certs	2020-12-01
oval:org.mitre.oval:def:13113	P	USN-836-1 -- webkit vulnerabilities	2014-06-30
oval:org.mitre.oval:def:13946	P	USN-857-1 -- qt4-x11 vulnerabilities	2014-06-30
oval:org.mitre.oval:def:18395	P	DSA-1950-1 webkit - several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:7247	P	DSA-1950 webkit -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:19394	P	DSA-1988-1 qt4-x11 - several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:6923	P	DSA-1988 qt4-x11 -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:5777	V	Apple Safari WebKit Numeric Character References Remote Memory Corruption Vulnerability.	2014-02-03
oval:org.debian:def:1988	V	several vulnerabilities	2010-02-02
oval:org.debian:def:1950	V	several vulnerabilities	2009-12-12