CVE-2009-2797 — MEDIUM (5.0)

Q: How severe is CVE-2009-2797?

CVE-2009-2797 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-2797?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os, Canonical Ubuntu Linux.

Vulnerability Description

The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Apple	Iphone Os	< 3.1
Canonical	Ubuntu Linux	9.10

Related Weaknesses (CWE)

CWE-200

References

http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.htmlMailing ListPatchVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlThird Party Advisory
http://secunia.com/advisories/36677Third Party Advisory
http://secunia.com/advisories/41856Third Party Advisory
http://secunia.com/advisories/43068Third Party Advisory
http://support.apple.com/kb/HT3860PatchVendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039Third Party Advisory
http://www.securityfocus.com/bid/36339Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-1006-1Third Party Advisory
http://www.vupen.com/english/advisories/2010/2722Third Party Advisory
http://www.vupen.com/english/advisories/2011/0212Third Party Advisory
http://www.vupen.com/english/advisories/2011/0552Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/53187Third Party AdvisoryVDB Entry
http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.htmlMailing ListPatchVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlThird Party Advisory

FAQ

What is CVE-2009-2797?

CVE-2009-2797 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote ...

How severe is CVE-2009-2797?

CVE-2009-2797 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-2797?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os, Canonical Ubuntu Linux.