CVE-2009-2797

The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:ipod_touch:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-09-10 21:30

Updated : 2024-02-04 17:33


NVD link : CVE-2009-2797

Mitre link : CVE-2009-2797

CVE.ORG link : CVE-2009-2797


JSON object : View

Products Affected

apple

  • iphone_os

canonical

  • ubuntu_linux
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor