CVE-2009-1697

Опубликовано: 10 июн. 2009

Источник: ubuntu

Приоритет: low

CVSS2: 4.3

Описание

CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header.

Релиз	Статус	Примечание
dapper	not-affected	no webkit
devel	not-affected	4.5.2-0ubuntu5
hardy	not-affected	no webkit
intrepid	ignored	end of life, was needed
jaunty	ignored	end of life
karmic	not-affected	4.5.2-0ubuntu5
lucid	not-affected	4.5.2-0ubuntu5
maverick	not-affected	4.5.2-0ubuntu5
natty	not-affected	4.5.2-0ubuntu5
upstream	needs-triage

Показывать по

Релиз	Статус	Примечание
dapper	DNE
devel	not-affected	1.1.12-1ubuntu1
hardy	ignored	end of life
intrepid	ignored	end of life, was needed
jaunty	ignored	end of life
karmic	not-affected	1.1.12-1ubuntu1
lucid	not-affected	1.1.12-1ubuntu1
maverick	not-affected	1.1.12-1ubuntu1
natty	not-affected	1.1.12-1ubuntu1
upstream	needs-triage

Показывать по

Ссылки на источники

https://www.cve.org/CVERecord?id=CVE-2009-1697

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2009-1697

nvd

больше 16 лет назад

CVE-2009-1697

debian

больше 16 лет назад

CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPh ...

GHSA-wpgx-8qqv-qrcq

github

почти 4 года назад

4.3 Medium

CVSS2

CVE-2009-1697

Описание

Пакет qt4-x11

Пакет webkit

Ссылки на источники

Связанные уязвимости