
Apple Safari Multiple Vulnerabilities - Nov09 (CVE-2009-2816, CVE-2009-2842, CVE-2009-3384)

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

Apple Safari is prone to multiple vulnerabilities.

Risk description

- An error exists in WebKit when sending preflight requests originating from a page in a different origin. This can be exploited to facilitate cross-site request forgery attacks by injecting custom HTTP headers.
- An error exists when handling an Open Image in New Tab, Open Image in New Window, or Open Link in New Tab shortcut menu action performed on a link to a local file. This can be exploited to load a local HTML file and disclose sensitive information by tricking a user into performing the affected actions within a specially crafted webpage.
- Multiple errors in WebKit when handling FTP directory listings can be exploited to disclose sensitive information.

Successful exploitation could allow attackers to bypass certain security restrictions, disclose sensitive information, or compromise a user's system.

Recommendation

Upgrade to Safari version 4.0.4 or the latest version.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Nov 13, 2009
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available