CVE-2009-2199 : Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as us

Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs.

Published 2009-08-12 19:30:00

Updated 2022-08-09 13:49:00

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2009-2199

Apple » Safari
Versions up to, including, (<=) 4.0.2
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 2.0
cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 2.0.1
cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 2.0.2
cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 2.0.3
cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 2.0.4
cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.0.2
cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.0.1
cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.0
cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.0.3
cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.0.4
cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.1.1
cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.0.0
cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.1.2
cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.1.0
cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 2.0.3 Update 417.9
cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 2.0.0
cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.2.1
cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 2.0.3 Update 417.9.2
cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 2.0.3 Update 417.8
cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.2.0
cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.1.0b
cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.0.1b
cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.0.1 Update Beta
cpe:2.3:a:apple:safari:3.0.1:beta:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.0.2b
cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 2.0.3 Update 417.9.3
cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.0.4b
cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.0.0b
cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.0.3b
cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.2.2
cpe:2.3:a:apple:safari:3.2.2:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 4.0.0b
cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 4.0
cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 4.0.1
cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os
Versions up to, including, (<=) 3.0.1
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Iphone Os
Apple » Iphone Os
Versions up to, including, (<=) 3.1
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Ipod Touch
Apple » Iphone Os » Version: 2.0.2
cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Iphone Os
Apple » Iphone Os » Version: 2.0.1
cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Iphone Os
Apple » Iphone Os » Version: 1.0.2
cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Iphone Os
Apple » Iphone Os » Version: 2.1
cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Iphone Os
Apple » Iphone Os » Version: 1.1.2
cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Iphone Os
Apple » Iphone Os » Version: 1.1.1
cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Iphone Os
Apple » Iphone Os » Version: 2.0
cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Iphone Os
Apple » Iphone Os » Version: 1.1.5
cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Iphone Os
Apple » Iphone Os » Version: 1.0.1
cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Iphone Os
Apple » Iphone Os » Version: 1.1.4
cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Iphone Os
Apple » Iphone Os » Version: 1.1.3
cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Iphone Os
Apple » Iphone Os » Version: 2.2.1
cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Iphone Os
Apple » Iphone Os » Version: 1.0.0
cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Iphone Os
Apple » Iphone Os » Version: 2.2
cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Iphone Os
Apple » Iphone Os » Version: 2.1.1
cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Iphone Os
Apple » Iphone Os » Version: 2.0.0
cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Iphone Os
Apple » Iphone Os » Version: 1.1.0
cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Iphone Os
Apple » Iphone Os » Version: 3.0
cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Iphone Os
Apple » Iphone Os » Version: 3.0.1
cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Ipod Touch

Exploit prediction scoring system (EPSS) score for CVE-2009-2199

EPSS FAQ

1.42%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 79 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2009-2199

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.8	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:P	8.6	4.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial

References for CVE-2009-2199

http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html

Patch;Vendor Advisory

CVEs referencing this url
http://www.vupen.com/english/advisories/2011/0212

Webmail | OVH- OVH
Vendor Advisory

CVEs referencing this url
http://support.apple.com/kb/HT3733

Patch;Vendor Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

[security-announce] SUSE Security Summary Report: SUSE-SR:2011:002

CVEs referencing this url
http://support.apple.com/kb/HT3860

About the security content of iOS 3.1 and iOS 3.1.1 for iPod touch - Apple Support

CVEs referencing this url
http://www.securitytracker.com/id?1022719
http://www.securityfocus.com/bid/36026

Patch
http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html

Apple - Lists.apple.com

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2009-2199

Products affected by CVE-2009-2199

Exploit prediction scoring system (EPSS) score for CVE-2009-2199

CVSS scores for CVE-2009-2199

References for CVE-2009-2199