Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2009-2841

Опубликовано: 13 нояб. 2009
Источник: nvd
CVSS2: 5
EPSS Низкий

Описание

The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers to trigger sub-resource requests to arbitrary web sites via a crafted HTML document, as demonstrated by an HTML e-mail message that uses a media element for X-Confirm-Reading-To functionality, aka rdar problem 7271202.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Версия до 4.0.3 (включая)
cpe:2.3:a:apple:safari:0.8:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:0.9:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.0.0b1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.0.0b2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.3_417.9.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.4_419.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0_pre:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.1:beta:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.4_beta:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:4.0:beta:*:*:*:*:*:*
cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

EPSS

Процентиль: 88%
0.03879
Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

ubuntu логотип

CVE-2009-2841

ubuntu
около 16 лет назад

The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers to trigger sub-resource requests to arbitrary web sites via a crafted HTML document, as demonstrated by an HTML e-mail message that uses a media element for X-Confirm-Reading-To functionality, aka rdar problem 7271202.

redhat логотип

CVE-2009-2841

redhat
около 16 лет назад

The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers to trigger sub-resource requests to arbitrary web sites via a crafted HTML document, as demonstrated by an HTML e-mail message that uses a media element for X-Confirm-Reading-To functionality, aka rdar problem 7271202.

debian логотип

CVE-2009-2841

debian
около 16 лет назад

The HTMLMediaElement::loadResource function in html/HTMLMediaElement.c ...

github логотип

GHSA-rrp5-fpqr-wrqg

github
больше 3 лет назад

The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers to trigger sub-resource requests to arbitrary web sites via a crafted HTML document, as demonstrated by an HTML e-mail message that uses a media element for X-Confirm-Reading-To functionality, aka rdar problem 7271202.

EPSS

Процентиль: 88%
0.03879
Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other