The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 01:05
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html - Mailing List, Patch, Vendor Advisory | |
References | () http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html - Mailing List, Vendor Advisory | |
References | () http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html - Third Party Advisory | |
References | () http://osvdb.org/59940 - Broken Link | |
References | () http://osvdb.org/59967 - Broken Link | |
References | () http://secunia.com/advisories/37346 - Third Party Advisory | |
References | () http://secunia.com/advisories/37358 - Third Party Advisory | |
References | () http://secunia.com/advisories/37393 - Third Party Advisory | |
References | () http://secunia.com/advisories/37397 - Third Party Advisory | |
References | () http://secunia.com/advisories/43068 - Third Party Advisory | |
References | () http://support.apple.com/kb/HT3949 - Patch, Vendor Advisory | |
References | () http://support.apple.com/kb/HT4225 - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/36997 - Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id?1023165 - Third Party Advisory, VDB Entry | |
References | () http://www.vupen.com/english/advisories/2009/3217 - Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2009/3233 - Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2011/0212 - Vendor Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=525789 - Issue Tracking, Third Party Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/54239 - Third Party Advisory, VDB Entry | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6516 - Third Party Advisory | |
References | () https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00545.html - Third Party Advisory | |
References | () https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00549.html - Third Party Advisory |
08 Nov 2021, 21:43
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:2.0.172:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:0.3.154.3:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:2.0.172.37:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:0.2.149.30:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:2.0.169.0:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:1.0.154.53:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:1.3.2:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:0.2.153.1:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:* cpe:2.3:a:google:chrome:1.0.154.43:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:3.2:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:0.4.154.22:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:1.0.154.46:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:2.0.172.28:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:1.2.4:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:1.2.3:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:1.0.3:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:2.0.158.0:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:2.0.172.33:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:0.4.154.33:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:2.0.3_417.9.3:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:2.0.172.38:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:1.0.0b1:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:0.9:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:2.0.156.1:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:1.2.1:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:1.1.1:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:0.3.154.0:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:1.1.0:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:2.0_pre:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:1.0.154.42:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:0.2.152.1:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:1.0.154.65:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:1.3.0:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:* cpe:2.3:a:google:chrome:3.0.182.2:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:0.2.149.29:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:* cpe:2.3:a:google:chrome:1.0.154.39:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:2.0.172.31:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:2:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:4.0:beta:*:*:*:*:*:* cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:1.0.1:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:3.0.190.2:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:* cpe:2.3:a:apple:safari:3.0.4_beta:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:1.0.154.36:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:3.1:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:1.2.2:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:2.0.172.2:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:3.0.193.2:beta:*:*:*:*:*:* cpe:2.3:a:apple:safari:1.2.0:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:2.0.172.8:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:0.4.154.31:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:2.0.4_419.3:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:1.0.0:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:3.2.3:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:2.0.170.0:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:0.4.154.18:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:1.0.154.48:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:2.0.159.0:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:1.0.154.59:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:0.2.149.27:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:1.0.0b2:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:3.0.1:beta:*:*:*:*:*:* cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:* cpe:2.3:a:apple:safari:3:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:* cpe:2.3:a:google:chrome:2.0.172.27:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:1.0.2:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:2.0.172.30:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:2.0.169.1:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:0.8:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:1.0.154.52:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:2.0.157.0:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:* cpe:2.3:a:google:chrome:2.0.157.2:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:* |
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:* |
References | (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00545.html - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/37346 - Third Party Advisory | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6516 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/37358 - Third Party Advisory | |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=525789 - Issue Tracking, Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/36997 - Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/43068 - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html - Third Party Advisory | |
References | (OSVDB) http://osvdb.org/59967 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/37397 - Third Party Advisory | |
References | (OSVDB) http://osvdb.org/59940 - Broken Link | |
References | (APPLE) http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html - Mailing List, Vendor Advisory | |
References | (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00549.html - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/37393 - Third Party Advisory | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/54239 - Third Party Advisory, VDB Entry | |
References | (APPLE) http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html - Mailing List, Patch, Vendor Advisory | |
References | (SECTRACK) http://www.securitytracker.com/id?1023165 - Third Party Advisory, VDB Entry |
Information
Published : 2009-11-13 15:30
Updated : 2024-11-21 01:05
NVD link : CVE-2009-2816
Mitre link : CVE-2009-2816
CVE.ORG link : CVE-2009-2816
JSON object : View
Products Affected
apple
- iphone_os
- safari
opensuse
- opensuse
fedoraproject
- fedora
- chrome
CWE
CWE-352
Cross-Site Request Forgery (CSRF)