CVE-2009-2797: Infoleak
First published: Thu Sep 10 2009(Updated: )
The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| iOS | <3.1 | |
| Apple iPhone OS | <3.1.1 | |
| Ubuntu Linux | =9.10 | |
| Ubuntu Linux | =10.04 | |
| Ubuntu Linux | =10.10 | |
| Ubuntu | =10.10 | |
| Ubuntu | =10.04 | |
| Ubuntu | =9.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/36677
- http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html
- http://support.apple.com/kb/HT3860
- http://secunia.com/advisories/41856
- http://www.ubuntu.com/usn/USN-1006-1
- http://www.vupen.com/english/advisories/2010/2722
- http://www.vupen.com/english/advisories/2011/0212
- http://secunia.com/advisories/43068
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
- http://www.vupen.com/english/advisories/2011/0552
- http://www.securityfocus.com/bid/36339
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53187
Frequently Asked Questions
What is the severity of CVE-2009-2797?
The severity of CVE-2009-2797 is classified as moderate, as it allows for potential sensitive information exposure.
How do I fix CVE-2009-2797?
To fix CVE-2009-2797, update to Safari or iPhone OS versions after 3.1 or to iPod touch versions after 3.1.1.
What do the affected versions for CVE-2009-2797 include?
CVE-2009-2797 affects Apple iPhone OS versions before 3.1 and iPod touch versions before 3.1.1, as well as specific Ubuntu Linux versions.
What type of information is vulnerable in CVE-2009-2797?
CVE-2009-2797 can expose usernames and passwords included in URLs sent in Referer headers.
Can CVE-2009-2797 be exploited remotely?
Yes, CVE-2009-2797 can be exploited remotely by attackers accessing Referer logs on affected web servers.
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/apple
- canonical/ios
- canonical/apple iphone os
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/9.10
- version/ubuntu linux/10.04
- version/ubuntu linux/10.10
- canonical/ubuntu
- version/ubuntu/10.10
- version/ubuntu/10.04
- version/ubuntu/9.10