Vulnerability Name: CVE-2009-2797 (CCN-53187)
Assigned: 2009-09-10
Published: 2009-09-10
Updated: 2018-11-16
Summary: The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
    3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
    3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-200
Vulnerability Consequences: Obtain Information
References:
    Source: MITRE Type: CNA CVE-2009-2797
    Source: APPLE Type: Mailing List, Patch, Vendor Advisory APPLE-SA-2009-09-09-1
    Source: SUSE Type: Third Party Advisory SUSE-SR:2011:002
    Source: CCN Type: SA36677 Apple iPhone / iPod touch Multiple Vulnerabilities
    Source: SECUNIA Type: Third Party Advisory 36677
    Source: SECUNIA Type: Third Party Advisory 41856
    Source: SECUNIA Type: Third Party Advisory 43068
    Source: CCN Type: Apple Web site About the security content of iPhone OS 3.1 and iPhone OS 3.1.1 for iPod touch
    Source: CONFIRM Type: Patch, Vendor Advisory http://support.apple.com/kb/HT3860
    Source: MANDRIVA Type: Third Party Advisory MDVSA-2011:039
    Source: CCN Type: OSVDB ID: 57891 Apple iPhone / iPod Touch WebKit Referer Header Information Disclosure
    Source: BID Type: Third Party Advisory, VDB Entry 36339
    Source: CCN Type: BID-36339 Apple iPhone and iPod touch Safari Referer Header Information Disclosure Vulnerability
    Source: UBUNTU Type: Third Party Advisory USN-1006-1
    Source: VUPEN Type: Third Party Advisory ADV-2010-2722
    Source: VUPEN Type: Third Party Advisory ADV-2011-0212
    Source: VUPEN Type: Third Party Advisory ADV-2011-0552
    Source: XF Type: Third Party Advisory, VDB Entry ipod-ipone-referer-info-disclosure(53187)
    Source: XF Type: UNKNOWN ipod-ipone-referer-info-disclosure(53187)
    Source: SUSE Type: SUSE-SR:2011:002 SUSE Security Summary Report
Vulnerable Configuration:
    Configuration 1:
    Configuration 2:
    Configuration CCN 1:
    Denotes that component is vulnerable