CVE-2009-1699
WebKit - XML External Entity Information Disclosure
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
5
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack."
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-05-08 First Exploit
- 2009-05-20 CVE Reserved
- 2009-06-10 CVE Published
- 2024-02-10 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-611: Improper Restriction of XML External Entity Reference
CAPEC
References (18)
URL | Tag | Source |
---|---|---|
http://osvdb.org/54972 | Broken Link | |
http://secunia.com/advisories/43068 | Broken Link | |
http://www.securityfocus.com/bid/35321 | Broken Link | |
http://www.vupen.com/english/advisories/2009/1621 | Broken Link | |
http://www.vupen.com/english/advisories/2011/0212 | Broken Link | |

URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/33034 | 2009-05-08 | |
http://scary.beasts.org/security/CESA-2009-006.html | 2024-08-07 | |
http://scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-fixes-local-file-theft.html | 2024-08-07 | |
http://www.securityfocus.com/bid/35260 | 2024-08-07 | |
https://www.exploit-db.com/exploits/8907 | 2024-08-07 | |

URL | Date | SRC |
---|---|---|
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html | 2024-02-10 | |
http://support.apple.com/kb/HT3613 | 2024-02-10 | |
http://www.vupen.com/english/advisories/2009/1522 | 2024-02-10 | |

URL | Date | SRC |
---|---|---|
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html | 2024-02-10 | |
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html | 2024-02-10 | |
http://secunia.com/advisories/35379 | 2024-02-10 | |
http://support.apple.com/kb/HT3639 | 2024-02-10 | |
http://www.ubuntu.com/usn/USN-857-1 | 2024-02-10 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Apple | Safari | < 4.0 | - | Affected |
Apple | Iphone Os | >= 1.0.0 <= 2.2.1 | - | Affected |
Canonical | Ubuntu Linux | 8.10 | - | Affected |
Canonical | Ubuntu Linux | 9.04 | - | Affected |
Opensuse | Opensuse | 11.2 | - | Affected |
Opensuse | Opensuse | 11.3 | - | Affected |