Home > Vulnerability Database > CVE-2009-2797

Mend.io Vulnerability Database

CVE-2009-2797

Date: September 10, 2009

The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server.

Severity Score

5.3

Related Resources (15)

Url: http://secunia.com/advisories/41856

Url: http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2009-2797

Url: http://www.vupen.com/english/advisories/2010/2722

Url: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Url: http://secunia.com/advisories/36677

Url: http://secunia.com/advisories/43068

Url: http://www.securityfocus.com/bid/36339

Url: http://www.ubuntu.com/usn/USN-1006-1

Url: http://support.apple.com/kb/HT3860

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/53187

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2011:039

Url: http://www.vupen.com/english/advisories/2011/0212

Url: http://www.vupen.com/english/advisories/2011/0552

Url: https://www.mend.io/vulnerability-database/CVE-2009-2797

Severity Score

5.3

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2009-2797

Date: September 10, 2009

Severity Score

Related Resources (15)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?