NVD

Id
50039  
Name
CVE-2009-2816  
Description
The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2009-11-13  
Modified Date
2011-02-24  
Seq
2009-2816  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
253166 50039 CVE-2009-2816 APPLE-SA-2009-11-11-1  View
253167 50039 CVE-2009-2816 APPLE-SA-2010-06-21-1  View
253168 50039 CVE-2009-2816 SUSE-SR:2011:002  View
253169 50039 CVE-2009-2816 oval:org.mitre.oval:def:6516  View
253170 50039 CVE-2009-2816 http://support.apple.com/kb/HT3949  View
253171 50039 CVE-2009-2816 http://support.apple.com/kb/HT4225  View
253172 50039 CVE-2009-2816 36997  View
253173 50039 CVE-2009-2816 1023165  View
253174 50039 CVE-2009-2816 ADV-2009-3217  View
253175 50039 CVE-2009-2816 ADV-2009-3233  View
253176 50039 CVE-2009-2816 ADV-2011-0212  View
253177 50039 CVE-2009-2816 safari-crossorigin-csrf(54239)  View
253178 50039 CVE-2009-2816 https://bugzilla.redhat.com/show_bug.cgi?id=525789  View
253179 50039 CVE-2009-2816 FEDORA-2009-11487  View
253180 50039 CVE-2009-2816 FEDORA-2009-11491  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
41387 JVNDB-2009-002394 WebKit におけるクロスサイトリクエストフォージェリの脆弱性 Apple Safari 等で使用されている WebKit には、OPTIONS リクエストにカスタム HTTP ヘッダを含むため、クロスサイトリクエストフォージェリの脆弱性が存在します。 CVE-2009-2816 40247 CVE-2009-2816 50039 6.8 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002394.html 2009-11-11 2010-07-13 View