Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2009-2816

Опубликовано: 13 нояб. 2009
Источник: nvd
CVSS2: 6.8
EPSS Низкий

Описание

The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Версия до 4.0.4 (исключая)
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Версия до 3.0.195.33 (исключая)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Версия до 4.0 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*

EPSS

Процентиль: 84%
0.02154
Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

ubuntu логотип

CVE-2009-2816

ubuntu
около 16 лет назад

The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.

redhat логотип

CVE-2009-2816

redhat
около 16 лет назад

The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.

debian логотип

CVE-2009-2816

debian
около 16 лет назад

The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, ...

github логотип

GHSA-2wxv-94xf-vqv2

github
больше 3 лет назад

The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.

EPSS

Процентиль: 84%
0.02154
Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352