CVE-2009-1713: Infoleak
First published: Wed Jun 10 2009(Updated: )
The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Safari | =1.1 | |
| Apple Safari | =1.3.1 | |
| Apple Safari | =3.2.3 | |
| Apple Safari | =2.0.2 | |
| Apple Safari | =3.1 | |
| Apple Safari | =3.1.2 | |
| Apple Safari | =3.0 | |
| Apple Safari | =0.8 | |
| Apple Safari | =2.0 | |
| Apple Safari | =3.0.4 | |
| Apple Safari | =0.9 | |
| Apple Safari | =3.0.3 | |
| Apple Safari | =1.3.2 | |
| Apple Safari | =1.2 | |
| Apple Safari | <=4.0_beta | |
| Apple Safari | =3.2.1 | |
| Apple Safari | =3.0.2 | |
| Apple Safari | =2.0.4 | |
| Apple Safari | =3.1.1 | |
| Apple Safari | =1.0.3 | |
| Apple Safari | =1.0 | |
| Apple Safari | =1.3 | |
| Apple Safari | =3.2 | |
| Apple Safari | =3.0.1 | |
| Apple Safari | =3.1.2 | |
| Apple Safari | <=3.2.3 | |
| Apple Safari | =3.0.3 | |
| Apple Safari | =3.0.2 | |
| Apple Safari | =3.1.1 | |
| Apple Safari | =3.0 | |
| Apple Safari | =3.1 | |
| Apple Safari | =3.2.2 | |
| Apple Safari | =3.2.1 | |
| Apple Safari | =3.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.vupen.com/english/advisories/2009/1522
- http://www.securityfocus.com/bid/35260
- http://support.apple.com/kb/HT3613
- http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
- http://secunia.com/advisories/35379
- http://osvdb.org/54975
- http://www.ubuntu.com/usn/USN-857-1
- http://secunia.com/advisories/43068
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://www.vupen.com/english/advisories/2011/0212
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51267
Frequently Asked Questions
What is the severity of CVE-2009-1713?
CVE-2009-1713 is considered a critical vulnerability due to its potential to allow remote attackers to read arbitrary local files.
How do I fix CVE-2009-1713?
To fix CVE-2009-1713, upgrade your Apple Safari browser to version 4.0 or later.
What versions of Safari are affected by CVE-2009-1713?
CVE-2009-1713 affects multiple versions of Safari prior to 4.0, including versions 1.1 to 3.2.3.
What is the impact of CVE-2009-1713?
The impact of CVE-2009-1713 includes unauthorized access to local files and cross-zone file access, compromising user privacy.
What type of attack does CVE-2009-1713 allow?
CVE-2009-1713 allows remote attackers to exploit the vulnerability via crafted XSLT files to read local and other zone files.
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/remedy
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- vendor/apple
- canonical/apple safari
- version/apple safari/1.1
- version/apple safari/1.3.1
- version/apple safari/3.2.3
- version/apple safari/2.0.2
- version/apple safari/3.1
- version/apple safari/3.1.2
- version/apple safari/3.0
- version/apple safari/0.8
- version/apple safari/2.0
- version/apple safari/3.0.4
- version/apple safari/0.9
- version/apple safari/3.0.3
- version/apple safari/1.3.2
- version/apple safari/1.2
- version/apple safari/4.0_beta
- version/apple safari/3.2.1
- version/apple safari/3.0.2
- version/apple safari/2.0.4
- version/apple safari/3.1.1
- version/apple safari/1.0.3
- version/apple safari/1.0
- version/apple safari/1.3
- version/apple safari/3.2
- version/apple safari/3.0.1
- version/apple safari/3.2.2