Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2009-1697

EPSS 0.22% · P44
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2009-1697

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apple Safari WebKit "Same Origin Policy" 安全绕过和CRLF注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Safari是苹果家族机器操作系统中默认捆绑的WEB浏览器 。 Apple Safari "WebKit"在处理WebKit的XMLHttpRequest头时存在CRLF注入漏洞,可能允许恶意网站通过发布缺少Host头的XMLHttpRequest绕过同源策略。缺少Host头的XMLHttpRequest可能到达同一服务 器上的其他网站,允许攻击者所提供的JavaScript与这些网站交互 。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2009-1697

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2009-1697

登录查看更多情报信息。

Same Patch Batch · n/a · 2009-06-10 · 66 CVEs total

CVE-2009-1708Apple Safari "open-help-anchor URL" 信息泄露漏洞
CVE-2009-1690Apple Safari 资源管理错误漏洞
CVE-2009-1689Apple Safari WebKit "about:blank"表单跨站脚本攻击漏洞
CVE-2009-1688Apple Safari WebKit 跨站脚本攻击漏洞
CVE-2009-1714Apple Safari WebKit "Web Inspector" 跨站脚本漏洞
CVE-2009-1713Apple Safari WebKit "XSLT"功能文件读取漏洞
CVE-2009-1712Apple Safari WebKit "Java applets" 代码执行和权限提升漏洞
CVE-2009-1711Apple Safari WebKit "Attr DOM"对象拒绝服务攻击漏洞
CVE-2009-1710Apple Safari "WebKit" 用户欺骗安全漏洞
CVE-2009-1709Apple Safari WebKit WebCore "garbage-collection"功能内存破坏漏洞
CVE-2009-1715Apple Safari WebKit "Web Inspector" 跨站脚本攻击漏洞
CVE-2009-1707Apple Safari "Reset Safari"功能信息泄露漏洞
CVE-2009-1706Apple Safari "Private Browsing"功能信息泄露漏洞
CVE-2009-1705Apple Safari CoreGraphics "TrueType "字体解析代码执行和拒绝服务攻击漏洞
CVE-2009-1704Apple Safari CFNetwork 图像文件类型检查代码执行漏洞
CVE-2009-1703Apple Safari WebKit "file: URLs" 跨站脚本攻击漏洞
CVE-2009-1702Apple Safari 跨站脚本漏洞
CVE-2009-1701Apple Safari 资源管理错误漏洞
CVE-2009-1700Apple Safari WebKit 'XSLT'功能信息泄露漏洞
CVE-2009-1699Apple Safari 信息泄露漏洞

Showing top 20 of 66 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2009-1697

No comments yet

Leave a comment