Details of VAR-200906-0191

ID

VAR-200906-0191

CVE

CVE-2009-2062

TITLE

Apple Safari In https Any in the site context Web Script execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2009-003502

DESCRIPTION

Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site. Multiple browsers are prone to a man-in-the-middle vulnerability. Attackers may exploit this vulnerability to aid in phishing attacks or to obtain sensitive information. Other attacks are also possible. Note that to take advantage of this issue, an attacker must be able to intercept or control network traffic. This would normally be possible through a man-in-the-middle attack, DNS poisoning, or similar vectors. The following are vulnerable: Mozilla Firefox prior to 3.0.10 Apple Safari prior to 3.2.2 Opera prior to 9.25 Additional browsers may also be affected. A man-in-the-middle attacker can modify the content of an http site by modifying the response of the content and causing an attack on any http network site. A 302 redirect message to execute arbitrary web scripts

Trust: 1.98

sources: NVD: CVE-2009-2062 // JVNDB: JVNDB-2009-003502 // BID: 35412 // VULHUB: VHN-39508

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	eq	version:	1.0	Trust: 1.9
vendor:	apple	model:	safari	scope:	eq	version:	1.0.0b2	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	1.0.0	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	1.0.3	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	0.9	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	1.0.1	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	1.0.0b1	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	1.0.2	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	0.8	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	1.3	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.3	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.2	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.1	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.2	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.1	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.4	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	1.1	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3.2	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.3	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.2	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.1	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	3.2	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	3	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3.1	Trust: 1.3
vendor:	apple	model:	safari	scope:	eq	version:	3.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.1.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.2b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.4	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.4b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0_pre	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.2.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0.3_417.9.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	lte	version:	3.2.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.3b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.4_beta	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.0b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.3.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.1b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.1.0b	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.1.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.4	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.5	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.2.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	2.0.4_419.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	1.1.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	3.0.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	lt	version:	3.2.2	Trust: 0.8
vendor:	s u s e	model:	opensuse	scope:	eq	version:	10.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.2	Trust: 0.3
vendor:	opera	model:	software opera web browser b	scope:	eq	version:	7.11	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.9	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	8.52	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.23	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.8	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.16	Trust: 0.3
vendor:	opera	model:	software opera web browser win32 beta	scope:	eq	version:	7.02	Trust: 0.3
vendor:	opera	model:	software opera web browser 1win32	scope:	eq	version:	7.0	Trust: 0.3
vendor:	opera	model:	software opera web browser linux	scope:	eq	version:	6.0.3	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	8.02	Trust: 0.3
vendor:	mandrakesoft	model:	enterprise server	scope:	eq	version:	5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3.0.4	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	6.0.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.3	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.01	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.8	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.1	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	8.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.9.1	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.20	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	11.1	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	5.02	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	8.51	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.22	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.10	Trust: 0.3
vendor:	opera	model:	software opera web browser linux	scope:	eq	version:	6.10	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.11	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.20	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.6	Trust: 0.3
vendor:	mozilla	model:	firefox beta	scope:	eq	version:	1.52	Trust: 0.3
vendor:	opera	model:	software opera web browser win32 beta	scope:	eq	version:	7.01	Trust: 0.3
vendor:	opera	model:	software opera web browser beta build	scope:	eq	version:	7.2012981	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.1	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.24	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	6.0.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.9.2	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.23	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.4	Trust: 0.3
vendor:	mozilla	model:	firefox beta	scope:	eq	version:	3.0.7	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	5.12	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.02	Trust: 0.3
vendor:	opera	model:	software opera web browser j	scope:	eq	version:	7.11	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.7	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2009.0	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	6.0	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	7.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.8	Trust: 0.3
vendor:	opera	model:	software opera web browser linux	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.4	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.18	Trust: 0.3
vendor:	mozilla	model:	firefox beta	scope:	eq	version:	3.05	Trust: 0.3
vendor:	opera	model:	software opera web browser linux	scope:	eq	version:	5.0	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.8	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2009.1	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	8.0.2	Trust: 0.3
vendor:	apple	model:	safari beta	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	11.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0	Trust: 0.3
vendor:	opera	model:	software opera web browser beta	scope:	eq	version:	9.201	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.7	Trust: 0.3
vendor:	mozilla	model:	firefox beta	scope:	eq	version:	2.01	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.22	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.020	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.3	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.10	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	8.54	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	8.53	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.11	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.11	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.9	Trust: 0.3
vendor:	opera	model:	software opera web browser beta	scope:	eq	version:	83	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.21	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.14	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.19	Trust: 0.3
vendor:	mozilla	model:	firefox rc3	scope:	eq	version:	2.0	Trust: 0.3
vendor:	mozilla	model:	firefox beta	scope:	eq	version:	1.51	Trust: 0.3
vendor:	opera	model:	software opera web browser linux	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	mozilla	model:	firefox rc2	scope:	eq	version:	2.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.17	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	apple	model:	safari beta	scope:	eq	version:	3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.9	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.6	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.52	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.54	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.10	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.10	Trust: 0.3
vendor:	opera	model:	software opera web browser .6win32	scope:	eq	version:	6.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.6	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.51	Trust: 0.3
vendor:	apple	model:	safari	scope:	ne	version:	4	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.10	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.10.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	ne	version:	3.0.10	Trust: 0.3
vendor:	opera	model:	software opera web browser 3win32	scope:	eq	version:	7.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.512	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.53	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.4	Trust: 0.3
vendor:	mozilla	model:	firefox rc	scope:	eq	version:	0.9	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.2	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	5.10	Trust: 0.3
vendor:	opera	model:	software opera web browser mac	scope:	eq	version:	5.0	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	5.11	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.13	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.21	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	8.50	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.2	Trust: 0.3
vendor:	opera	model:	software opera web browser 2win32	scope:	eq	version:	7.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.12	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	8.01	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.8	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.15	Trust: 0.3
vendor:	apple	model:	safari beta	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.5	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.9.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.9	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	ne	version:	9.25	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	ne	version:	3.2.2	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.10	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.50	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	6.06	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	mandrakesoft	model:	enterprise server x86 64	scope:	eq	version:	5	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2009.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.8	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	6.0.4	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	5.12	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2009.0	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	6.0	Trust: 0.3
vendor:	apple	model:	safari beta	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.5	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	ne	version:	4	Trust: 0.3

sources: BID: 35412 // JVNDB: JVNDB-2009-003502 // CNNVD: CNNVD-200906-253 // NVD: CVE-2009-2062

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-2062
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2009-2062
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200906-253
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-39508
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2009-2062
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-39508
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-39508 // JVNDB: JVNDB-2009-003502 // CNNVD: CNNVD-200906-253 // NVD: CVE-2009-2062

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-39508 // JVNDB: JVNDB-2009-003502 // NVD: CVE-2009-2062

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200906-253

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-200906-253

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-003502

PATCH

title:

Top Page

url:

http://www.apple.com/safari/

Trust: 0.8

sources: JVNDB: JVNDB-2009-003502

EXTERNAL IDS

db:	NVD	id:	CVE-2009-2062	Trust: 2.8
db:	BID	id:	35412	Trust: 2.0
db:	JVNDB	id:	JVNDB-2009-003502	Trust: 0.8
db:	XF	id:	51202	Trust: 0.6
db:	CNNVD	id:	CNNVD-200906-253	Trust: 0.6
db:	VULHUB	id:	VHN-39508	Trust: 0.1

sources: VULHUB: VHN-39508 // BID: 35412 // JVNDB: JVNDB-2009-003502 // CNNVD: CNNVD-200906-253 // NVD: CVE-2009-2062

REFERENCES

url:	http://research.microsoft.com/apps/pubs/default.aspx?id=79323	Trust: 2.0
url:	http://www.securityfocus.com/bid/35412	Trust: 1.7
url:	http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/51202	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2062	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2062	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/51202	Trust: 0.6
url:	http://www.apple.com/safari/	Trust: 0.3
url:	http://www.mozilla.org/	Trust: 0.3
url:	http://www.opera.com/	Trust: 0.3

sources: VULHUB: VHN-39508 // BID: 35412 // JVNDB: JVNDB-2009-003502 // CNNVD: CNNVD-200906-253 // NVD: CVE-2009-2062

CREDITS

Shuo Chen, Ziqing Mao, Yi-Min Wang, and Ming Zhang of Microsoft Security Research

Trust: 0.9

sources: BID: 35412 // CNNVD: CNNVD-200906-253

SOURCES

db:	VULHUB	id:	VHN-39508
db:	BID	id:	35412
db:	JVNDB	id:	JVNDB-2009-003502
db:	CNNVD	id:	CNNVD-200906-253
db:	NVD	id:	CVE-2009-2062

LAST UPDATE DATE

2024-11-23T20:59:36.704000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-39508	date:	2017-08-17T00:00:00
db:	BID	id:	35412	date:	2009-09-15T18:01:00
db:	JVNDB	id:	JVNDB-2009-003502	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200906-253	date:	2009-06-23T00:00:00
db:	NVD	id:	CVE-2009-2062	date:	2024-11-21T01:04:02.360

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-39508	date:	2009-06-15T00:00:00
db:	BID	id:	35412	date:	2009-05-01T00:00:00
db:	JVNDB	id:	JVNDB-2009-003502	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200906-253	date:	2009-06-15T00:00:00
db:	NVD	id:	CVE-2009-2062	date:	2009-06-15T19:30:05.530