| CVE-2009-2841 |
| Basic information |
- Published: 2009-11-14
- Modified: 2011-03-18
|
| CVSS assessment |
- Severity: 5.0
- Access vector: NETWORK
- Access complexity: Low
- Authentication: None
- Confidentiality impact: Partial
- Integrity impact: None
- Availability impact: None
- Source: http://nvd.nist.gov
- Published: 2009-11-14
|
| Description |
The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers to trigger sub-resource requests to arbitrary web sites via a crafted HTML document, as demonstrated by an HTML e-mail message that uses a media element for X-Confirm-Reading-To functionality, aka rdar problem 7271202.
|
| References |
- CONFIRM, http://support.apple.com/kb/HT3949
- APPLE, APPLE-SA-2009-11-11-1
- CONFIRM, https://bugzilla.redhat.com/show_bug.cgi?id=525791
- XF, safari-5media-security-bypass(54242)
- VUPEN, ADV-2011-0552
- VUPEN, ADV-2011-0212
- VUPEN, ADV-2010-2722
- VUPEN, ADV-2010-1801
- VUPEN, ADV-2009-3217
- UBUNTU, USN-1006-1
- SECTRACK, 1023167
- BID, 36996
- MANDRIVA, MDVSA-2011:039
- CONFIRM, http://trac.webkit.org/changeset/49480
- MISC, http://threatpost.com/en_us/blogs/apple-patches-critical-safari-vulnerab..
- CONFIRM, http://support.apple.com/kb/HT4013
- SECUNIA, 43068
- SECUNIA, 41856
- SECUNIA, 40557
- SECUNIA, 37346
- OSVDB, 59941
- SUSE, SUSE-SR:2011:002
- FEDORA, FEDORA-2010-11020
- FEDORA, FEDORA-2010-11011
- APPLE, APPLE-SA-2010-02-02-1
|
| Vulnerable software |
- apple safari 1.3.2
- apple safari 2
- apple safari 3.0.1b
- apple safari 3.0.1
- apple safari 3.2.3
- apple safari 3.1.0b
- apple safari 1.2.4
- apple safari 3.0.2
- apple safari 1.2.1
- apple safari 1.2.2
- apple safari 3
- apple safari 4.0.1
- apple safari 2.0.3
- apple safari 3.1
- apple safari 3.0.0b
- apple safari 1.0
- apple safari 4.0
- apple safari 3.0.4b
- apple safari 3.0.1
- apple safari 3.0.4_beta
- apple safari 1.2.0
- apple safari 3.1.0
- apple safari 2.0_pre
- apple safari 1.0
- apple safari 2.0.3
- apple safari 2.0.4_419.3
- apple safari 2.0.4
- apple safari 1.2
- apple safari 1.0.0b2
- apple safari 2.0.0
- apple safari 0.9
- apple safari 2.0.3
- apple safari 3.0.4
- apple safari 1.1.1
- apple safari 4.0
- apple safari 1.2.3
- apple safari 1.1.0
- apple safari 3.0.0
- apple safari 3.1.1
- apple safari 4.0.2
- apple safari 2.0.3
- apple safari 3.0.2b
- apple safari 3.2
- apple safari 3.2.1
- apple safari 2.0.1
- apple safari 4.0.3
- apple safari 1.0.1
- apple safari 4.0.0b
- apple safari 2.0.3
- apple safari 3.0.3b
- apple safari 3.0
- apple safari 1.0.3
- apple safari 2.0.2
- apple safari 1.3
- apple safari 2.0
- apple safari 2.0.3_417.9.3
- apple safari 1.2.5
- apple safari 1.0
- apple safari 0.8
- apple safari 1.0.2
- apple safari 1.3.1
- apple safari 3.0.3
- apple safari 3.2.2
- apple safari 3.1.2
- apple safari 1.3.0
- apple safari 1.0.0b1
- apple safari 1.0.0
- apple safari 3.2.0
|