Vulnerability Details : CVE-2009-1699
Potential exploit
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack."
Vulnerability category: XML external entity (XXE) injection
Products affected by CVE-2009-1699
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-1699
12.55%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-1699
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.1
|
HIGH | AV:N/AC:M/Au:N/C:C/I:N/A:N |
8.6
|
6.9
|
NIST | |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST | 2024-02-10 |
CWE ids for CVE-2009-1699
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
-
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-1699
-
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
Broken Link;Mailing List;Patch;Vendor Advisory
-
http://support.apple.com/kb/HT3613
About the security content of Safari 4.0 - Apple SupportPatch;Vendor Advisory
-
http://secunia.com/advisories/43068
Sign inBroken Link
-
http://scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-fixes-local-file-theft.html
Security: Apple's Safari 4 fixes local file theft attackExploit
-
http://www.vupen.com/english/advisories/2011/0212
Webmail | OVH- OVHBroken Link
-
http://www.securityfocus.com/bid/35321
Broken Link;Third Party Advisory;VDB Entry
-
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
Mailing List
-
http://www.ubuntu.com/usn/USN-857-1
USN-857-1: Qt vulnerabilities | Ubuntu security notices | UbuntuThird Party Advisory
-
https://www.exploit-db.com/exploits/8907
Apple Safari 3.2.x - XML External Entity Local File Theft - Multiple remote ExploitExploit;Third Party Advisory;VDB Entry
-
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2011:002Mailing List
-
http://scary.beasts.org/security/CESA-2009-006.html
CESA-2009-006 - rev 1Exploit
-
http://secunia.com/advisories/35379
About Secunia Research | FlexeraBroken Link;Vendor Advisory
-
http://osvdb.org/54972
Broken Link
-
http://www.vupen.com/english/advisories/2009/1522
Webmail: access your OVH emails on ovhcloud.com | OVHcloudBroken Link;Patch;Vendor Advisory
-
http://www.vupen.com/english/advisories/2009/1621
Webmail: access your OVH emails on ovhcloud.com | OVHcloudBroken Link
-
http://www.securityfocus.com/bid/35260
Broken Link;Exploit;Third Party Advisory;VDB Entry
-
http://support.apple.com/kb/HT3639
About the security content of iOS 3.0 Software Update - Apple SupportVendor Advisory
Jump to