CVE-2009-2816

The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.
References
Link Resource
http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html Mailing List Patch Vendor Advisory
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html Mailing List Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html Third Party Advisory
http://osvdb.org/59940 Broken Link
http://osvdb.org/59967 Broken Link
http://secunia.com/advisories/37346 Third Party Advisory
http://secunia.com/advisories/37358 Third Party Advisory
http://secunia.com/advisories/37393 Third Party Advisory
http://secunia.com/advisories/37397 Third Party Advisory
http://secunia.com/advisories/43068 Third Party Advisory
http://support.apple.com/kb/HT3949 Patch Vendor Advisory
http://support.apple.com/kb/HT4225 Vendor Advisory
http://www.securityfocus.com/bid/36997 Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023165 Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2009/3217 Vendor Advisory
http://www.vupen.com/english/advisories/2009/3233 Vendor Advisory
http://www.vupen.com/english/advisories/2011/0212 Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=525789 Issue Tracking Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/54239 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6516 Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00545.html Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00549.html Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html Mailing List Patch Vendor Advisory
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html Mailing List Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html Third Party Advisory
http://osvdb.org/59940 Broken Link
http://osvdb.org/59967 Broken Link
http://secunia.com/advisories/37346 Third Party Advisory
http://secunia.com/advisories/37358 Third Party Advisory
http://secunia.com/advisories/37393 Third Party Advisory
http://secunia.com/advisories/37397 Third Party Advisory
http://secunia.com/advisories/43068 Third Party Advisory
http://support.apple.com/kb/HT3949 Patch Vendor Advisory
http://support.apple.com/kb/HT4225 Vendor Advisory
http://www.securityfocus.com/bid/36997 Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1023165 Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2009/3217 Vendor Advisory
http://www.vupen.com/english/advisories/2009/3233 Vendor Advisory
http://www.vupen.com/english/advisories/2011/0212 Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=525789 Issue Tracking Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/54239 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6516 Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00545.html Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00549.html Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*

History

21 Nov 2024, 01:05

Type Values Removed Values Added
References () http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html - Mailing List, Patch, Vendor Advisory () http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html - Mailing List, Patch, Vendor Advisory
References () http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html - Mailing List, Vendor Advisory () http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html - Mailing List, Vendor Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html - Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html - Third Party Advisory
References () http://osvdb.org/59940 - Broken Link () http://osvdb.org/59940 - Broken Link
References () http://osvdb.org/59967 - Broken Link () http://osvdb.org/59967 - Broken Link
References () http://secunia.com/advisories/37346 - Third Party Advisory () http://secunia.com/advisories/37346 - Third Party Advisory
References () http://secunia.com/advisories/37358 - Third Party Advisory () http://secunia.com/advisories/37358 - Third Party Advisory
References () http://secunia.com/advisories/37393 - Third Party Advisory () http://secunia.com/advisories/37393 - Third Party Advisory
References () http://secunia.com/advisories/37397 - Third Party Advisory () http://secunia.com/advisories/37397 - Third Party Advisory
References () http://secunia.com/advisories/43068 - Third Party Advisory () http://secunia.com/advisories/43068 - Third Party Advisory
References () http://support.apple.com/kb/HT3949 - Patch, Vendor Advisory () http://support.apple.com/kb/HT3949 - Patch, Vendor Advisory
References () http://support.apple.com/kb/HT4225 - Vendor Advisory () http://support.apple.com/kb/HT4225 - Vendor Advisory
References () http://www.securityfocus.com/bid/36997 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/36997 - Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id?1023165 - Third Party Advisory, VDB Entry () http://www.securitytracker.com/id?1023165 - Third Party Advisory, VDB Entry
References () http://www.vupen.com/english/advisories/2009/3217 - Vendor Advisory () http://www.vupen.com/english/advisories/2009/3217 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2009/3233 - Vendor Advisory () http://www.vupen.com/english/advisories/2009/3233 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2011/0212 - Vendor Advisory () http://www.vupen.com/english/advisories/2011/0212 - Vendor Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=525789 - Issue Tracking, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=525789 - Issue Tracking, Third Party Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/54239 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/54239 - Third Party Advisory, VDB Entry
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6516 - Third Party Advisory () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6516 - Third Party Advisory
References () https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00545.html - Third Party Advisory () https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00545.html - Third Party Advisory
References () https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00549.html - Third Party Advisory () https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00549.html - Third Party Advisory

08 Nov 2021, 21:43

Type Values Removed Values Added
CPE cpe:2.3:a:apple:safari:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:2.0.172:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.3.154.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:2.0.172.37:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.2.149.30:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:2.0.169.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:1.0.154.53:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.2.153.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:*
cpe:2.3:a:google:chrome:1.0.154.43:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.4.154.22:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:1.0.154.46:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:2.0.172.28:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:2.0.158.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:2.0.172.33:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.4.154.33:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.3_417.9.3:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:2.0.172.38:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.0.0b1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:0.9:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:2.0.156.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.3.154.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0_pre:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:1.0.154.42:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.2.152.1:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:1.0.154.65:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*
cpe:2.3:a:google:chrome:3.0.182.2:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.2.149.29:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*
cpe:2.3:a:google:chrome:1.0.154.39:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:2.0.172.31:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:4.0:beta:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:3.0.190.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.4_beta:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:1.0.154.36:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:2.0.172.2:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:3.0.193.2:beta:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:2.0.172.8:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.4.154.31:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.4_419.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:2.0.170.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.4.154.18:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:1.0.154.48:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:2.0.159.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:1.0.154.59:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.2.149.27:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.0.0b2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.1:beta:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:*
cpe:2.3:a:google:chrome:2.0.172.27:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:2.0.172.30:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:2.0.169.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:0.8:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:1.0.154.52:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:2.0.157.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:2.0.157.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
References (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00545.html - (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00545.html - Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/37346 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/37346 - Third Party Advisory
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6516 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6516 - Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/37358 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/37358 - Third Party Advisory
References (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=525789 - (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=525789 - Issue Tracking, Third Party Advisory
References (BID) http://www.securityfocus.com/bid/36997 - (BID) http://www.securityfocus.com/bid/36997 - Third Party Advisory, VDB Entry
References (SECUNIA) http://secunia.com/advisories/43068 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/43068 - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html - Third Party Advisory
References (OSVDB) http://osvdb.org/59967 - (OSVDB) http://osvdb.org/59967 - Broken Link
References (SECUNIA) http://secunia.com/advisories/37397 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/37397 - Third Party Advisory
References (OSVDB) http://osvdb.org/59940 - (OSVDB) http://osvdb.org/59940 - Broken Link
References (APPLE) http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html - Vendor Advisory (APPLE) http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html - Mailing List, Vendor Advisory
References (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00549.html - (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00549.html - Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/37393 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/37393 - Third Party Advisory
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/54239 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/54239 - Third Party Advisory, VDB Entry
References (APPLE) http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html - Patch, Vendor Advisory (APPLE) http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html - Mailing List, Patch, Vendor Advisory
References (SECTRACK) http://www.securitytracker.com/id?1023165 - (SECTRACK) http://www.securitytracker.com/id?1023165 - Third Party Advisory, VDB Entry

Information

Published : 2009-11-13 15:30

Updated : 2024-11-21 01:05


NVD link : CVE-2009-2816

Mitre link : CVE-2009-2816

CVE.ORG link : CVE-2009-2816


JSON object : View

Products Affected

apple

  • iphone_os
  • safari

opensuse

  • opensuse

fedoraproject

  • fedora

google

  • chrome
CWE
CWE-352

Cross-Site Request Forgery (CSRF)