Vulnerability Details : CVE-2009-2797
The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server.
Products affected by CVE-2009-2797
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:ipod_touch:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-2797
- EPSS score: 1.96% (probability of exploitation activity in the next 30 days)
- Percentile: ~82% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2009-2797
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2009-2797
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-2797
- http://secunia.com/advisories/43068 (Third Party Advisory)
- http://www.vupen.com/english/advisories/2010/2722 (Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53187 : Apple iPod touch and Apple iPhone referer header information disclosure CVE-2009-2797 Vulnerability Report (Third Party Advisory; VDB Entry)
- http://www.vupen.com/english/advisories/2011/0212 (Third Party Advisory)
- http://secunia.com/advisories/36677 (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html : [security-announce] SUSE Security Summary Report: SUSE-SR:2011:002 (Third Party Advisory)
- http://support.apple.com/kb/HT3860 : About the security content of iOS 3.1 and iOS 3.1.1 for iPod touch - Apple Support (Patch; Vendor Advisory)
- http://www.ubuntu.com/usn/USN-1006-1 : USN-1006-1: WebKit vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://secunia.com/advisories/41856 (Third Party Advisory)
- http://www.securityfocus.com/bid/36339 (Third Party Advisory; VDB Entry)
- http://www.vupen.com/english/advisories/2011/0552 (Third Party Advisory)
- http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html (Mailing List; Patch; Vendor Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 (Third Party Advisory)