CVE-2009-2797

Published: Sep 10, 2009Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server.

Affected (5)

Products: Apple: Iphone Os · Canonical: Ubuntu Linux

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Before 3.1
Apple Iphone Os	Before 3.1.1

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 10.04
Canonical Ubuntu Linux	Version 10.10
Canonical Ubuntu Linux	Version 9.10

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (26)

http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html

Source: cve@mitre.org

Mailing ListPatchVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/36677

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/41856

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/43068

Source: cve@mitre.org

Third Party Advisory

http://support.apple.com/kb/HT3860

Source: cve@mitre.org

PatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2011:039

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/36339

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-1006-1

Source: cve@mitre.org

Third Party Advisory

http://www.vupen.com/english/advisories/2010/2722

Source: cve@mitre.org

Third Party Advisory

http://www.vupen.com/english/advisories/2011/0212

Source: cve@mitre.org

Third Party Advisory

http://www.vupen.com/english/advisories/2011/0552

Source: cve@mitre.org

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/53187

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://secunia.com/advisories/36677

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://secunia.com/advisories/41856

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://secunia.com/advisories/43068

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://support.apple.com/kb/HT3860

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2011:039

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/36339

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-1006-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.vupen.com/english/advisories/2010/2722

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.vupen.com/english/advisories/2011/0212

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.vupen.com/english/advisories/2011/0552

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/53187

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.