CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-6059
https://notcve.org/view.php?id=CVE-2008-6059
05 Feb 2009 — xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. xml/XMLHttpRequest.cpp en WebCore de WebKit anterior a r38566, no restringe el acceso adecuadamente de las páginas Web de las cabeceras de respuesta HTTP (1) Set-Cookie y (2) Set-Cookie2; esto ... • http://trac.webkit.org/changeset/38566/trunk/WebCore/xml/XMLHttpRequest.cpp • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 14EXPL: 0CVE-2008-1590
https://notcve.org/view.php?id=CVE-2008-1590
14 Jul 2008 — JavaScriptCore in WebKit on Apple iPhone before 2.0 and iPod touch before 2.0 does not properly perform runtime garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger memory corruption, a different vulnerability than CVE-2008-2317. JavaScriptCore en WebKit de Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0, no realiza correctamente la recolección de basura en tiempo de ejecución, esto permite a... • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html • CWE-399: Resource Management Errors •