CVE-2009-1700

The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.1:beta:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
OR cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

History

09 Aug 2022, 13:48

Type Values Removed Values Added
CPE cpe:2.3:h:apple:iphone:*:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Information

Published : 2009-06-10 18:00

Updated : 2022-08-09 13:48


NVD link : CVE-2009-1700

Mitre link : CVE-2009-1700


JSON object : View

Products Affected

apple

  • ipod_touch
  • iphone_os
  • safari
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor