CVE-2009-2797

NONECVSS 0.0

0.0

The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server.

🔗 References (26)

cve@mitrehttp://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html
cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
cve@mitrehttp://secunia.com/advisories/36677
cve@mitrehttp://secunia.com/advisories/41856
cve@mitrehttp://secunia.com/advisories/43068
cve@mitrehttp://support.apple.com/kb/HT3860
cve@mitrehttp://www.mandriva.com/security/advisories?name=MDVSA-2011:039
cve@mitrehttp://www.securityfocus.com/bid/36339
cve@mitrehttp://www.ubuntu.com/usn/USN-1006-1
cve@mitrehttp://www.vupen.com/english/advisories/2010/2722
cve@mitrehttp://www.vupen.com/english/advisories/2011/0212
cve@mitrehttp://www.vupen.com/english/advisories/2011/0552
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/53187
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Is Your Infrastructure Affected by CVE-2009-2797?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2009-2797

📅 Published

🔄 Last Modified

🔗 References (26)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2009-2797?