Vulnerability Details : CVE-2009-2797
The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2009-2797
Probability of exploitation activity in the next 30 days: 0.48%
Percentile, the proportion of vulnerabilities that are scored at or less: ~73%
CVSS scores for CVE-2009-2797
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source
---|---|---|---|---|---
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST
CWE ids for CVE-2009-2797
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-2797
- http://www.vupen.com/english/advisories/2010/2722 (Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53187 (Third Party Advisory; VDB Entry)
- http://www.vupen.com/english/advisories/2011/0212 (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html (SUSE Security Summary Report SUSE-SR:2011:002; Third Party Advisory)
- http://support.apple.com/kb/HT3860 (Patch; Vendor Advisory)
- http://www.ubuntu.com/usn/USN-1006-1 (USN-1006-1: WebKit vulnerabilities; Third Party Advisory)
- http://www.securityfocus.com/bid/36339 (Third Party Advisory; VDB Entry)
- http://www.vupen.com/english/advisories/2011/0552 (Third Party Advisory)
- http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html (Mailing List; Patch; Vendor Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 (Third Party Advisory)
Products affected by CVE-2009-2797
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:ipod_touch:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*