CVE-2009-1700 — Sensitive Information Exposure in Apple Safari

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.9%

top 24.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari Apple Iphone OS

Timeline

PublishedJun 10

Latest updateMay 2

Description

The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDapple/iphone_os17 versions+16

▶NVDapple/safari3.2.2+23

Patches

Patch: lists.apple.com ↗Patch: support.apple.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-4hwh-c92m-9mrx: The XSLT implementation in WebKit in Apple Safari before 4↗2022-05-02

▶

OSV

CVE-2009-1700: The XSLT implementation in WebKit in Apple Safari before 4↗2009-06-10

▶