CVE-2009-1699: Infoleak
First published: Wed Jun 10 2009(Updated: )
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Mobile Safari | =3.0.4b | |
| Apple Mobile Safari | =2.0.3-417.9.3 | |
| Apple Mobile Safari | =3.0.4 | |
| Apple Mobile Safari | =3.0.1-beta | |
| Apple Mobile Safari | =2.0.1 | |
| Apple Mobile Safari | =2.0.3 | |
| Apple Mobile Safari | =2.0.2 | |
| Apple Mobile Safari | =3.0.0 | |
| Apple Mobile Safari | =3.0.1 | |
| Apple Mobile Safari | =3.0.2 | |
| Apple Mobile Safari | <=3.2.2 | |
| Apple Mobile Safari | =3.0.3b | |
| Apple Mobile Safari | =3.1.1 | |
| Apple Mobile Safari | =2.0.3-417.9 | |
| Apple Mobile Safari | =2.0.3-417.9.2 | |
| Apple Mobile Safari | =3.0.3 | |
| Apple Mobile Safari | =2.0 | |
| Apple Mobile Safari | =2.0.3-417.8 | |
| Apple Mobile Safari | =3.1.2 | |
| Apple Mobile Safari | =3.1.0b | |
| Apple Mobile Safari | =3.1.0 | |
| Apple Mobile Safari | =2.0.4 | |
| Apple Mobile Safari | =3.0.0b | |
| Apple Mobile Safari | =2.0.0 | |
| Apple Mobile Safari | =3.2.0 | |
| Apple Mobile Safari | =3.0.2b | |
| Apple Mobile Safari | =3.0.1b | |
| Apple Mobile Safari | =3.2.1 | |
| Apple Mobile Safari | =3.0 | |
| iStyle @cosme iPhone OS | =1.0.0 | |
| iStyle @cosme iPhone OS | =1.0.1 | |
| iStyle @cosme iPhone OS | =1.0.2 | |
| iStyle @cosme iPhone OS | =1.1.0 | |
| iStyle @cosme iPhone OS | =1.1.1 | |
| iStyle @cosme iPhone OS | =1.1.2 | |
| iStyle @cosme iPhone OS | =1.1.3 | |
| iStyle @cosme iPhone OS | =1.1.4 | |
| iStyle @cosme iPhone OS | =1.1.5 | |
| iStyle @cosme iPhone OS | =2.0 | |
| iStyle @cosme iPhone OS | =2.0.0 | |
| iStyle @cosme iPhone OS | =2.0.1 | |
| iStyle @cosme iPhone OS | =2.0.2 | |
| iStyle @cosme iPhone OS | =2.1 | |
| iStyle @cosme iPhone OS | =2.1.1 | |
| iStyle @cosme iPhone OS | =2.2 | |
| iStyle @cosme iPhone OS | =2.2.1 | |
| iStyle @cosme iPhone OS | ||
| Apple iPod touch | ||
| Apple Mobile Safari | <4.0 | |
| iStyle @cosme iPhone OS | >=1.0.0<=2.2.1 | |
| Ubuntu | =8.10 | |
| Ubuntu | =9.04 | |
| SUSE Linux | =11.2 | |
| SUSE Linux | =11.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
- http://www.vupen.com/english/advisories/2009/1522
- http://www.securityfocus.com/bid/35260
- http://secunia.com/advisories/35379
- http://scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-fixes-local-file-theft.html
- http://scary.beasts.org/security/CESA-2009-006.html
- http://support.apple.com/kb/HT3613
- http://osvdb.org/54972
- http://www.securityfocus.com/bid/35321
- http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
- http://support.apple.com/kb/HT3639
- http://www.vupen.com/english/advisories/2009/1621
- http://www.ubuntu.com/usn/USN-857-1
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://secunia.com/advisories/43068
- http://www.vupen.com/english/advisories/2011/0212
- https://www.exploit-db.com/exploits/8907
Frequently Asked Questions
What is the severity of CVE-2009-1699?
CVE-2009-1699 has been classified as a moderate severity vulnerability.
What software versions are affected by CVE-2009-1699?
CVE-2009-1699 affects Apple Safari versions prior to 4.0, as well as specific versions of iPhone OS and iPod touch firmware.
How do I fix CVE-2009-1699?
To fix CVE-2009-1699, update Apple Safari and iPhone OS to the latest versions that address this vulnerability.
What type of vulnerability is CVE-2009-1699?
CVE-2009-1699 is an XML external entity vulnerability that allows unauthorized file access.
Can CVE-2009-1699 be exploited remotely?
Yes, CVE-2009-1699 can be exploited remotely through crafted DTD files.
- agent/type
- agent/first-publish-date
- agent/references
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/author
- collector/nvd-index
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/apple
- canonical/apple mobile safari
- version/apple mobile safari/3.0.4b
- version/apple mobile safari/2.0.3-417.9.3
- version/apple mobile safari/3.0.4
- version/apple mobile safari/3.0.1-beta
- version/apple mobile safari/2.0.1
- version/apple mobile safari/2.0.3
- version/apple mobile safari/2.0.2
- version/apple mobile safari/3.0.0
- version/apple mobile safari/3.0.1
- version/apple mobile safari/3.0.2
- version/apple mobile safari/3.2.2
- version/apple mobile safari/3.0.3b
- version/apple mobile safari/3.1.1
- version/apple mobile safari/2.0.3-417.9
- version/apple mobile safari/2.0.3-417.9.2
- version/apple mobile safari/3.0.3
- version/apple mobile safari/2.0
- version/apple mobile safari/2.0.3-417.8
- version/apple mobile safari/3.1.2
- version/apple mobile safari/3.1.0b
- version/apple mobile safari/3.1.0
- version/apple mobile safari/2.0.4
- version/apple mobile safari/3.0.0b
- version/apple mobile safari/2.0.0
- version/apple mobile safari/3.2.0
- version/apple mobile safari/3.0.2b
- version/apple mobile safari/3.0.1b
- version/apple mobile safari/3.2.1
- version/apple mobile safari/3.0
- canonical/istyle @cosme iphone os
- version/istyle @cosme iphone os/1.0.0
- version/istyle @cosme iphone os/1.0.1
- version/istyle @cosme iphone os/1.0.2
- version/istyle @cosme iphone os/1.1.0
- version/istyle @cosme iphone os/1.1.1
- version/istyle @cosme iphone os/1.1.2
- version/istyle @cosme iphone os/1.1.3
- version/istyle @cosme iphone os/1.1.4
- version/istyle @cosme iphone os/1.1.5
- version/istyle @cosme iphone os/2.0
- version/istyle @cosme iphone os/2.0.0
- version/istyle @cosme iphone os/2.0.1
- version/istyle @cosme iphone os/2.0.2
- version/istyle @cosme iphone os/2.1
- version/istyle @cosme iphone os/2.1.1
- version/istyle @cosme iphone os/2.2
- version/istyle @cosme iphone os/2.2.1
- canonical/apple ipod touch
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/8.10
- version/ubuntu/9.04
- vendor/opensuse
- canonical/suse linux
- version/suse linux/11.2
- version/suse linux/11.3