Details of VAR-200906-0195

ID

VAR-200906-0195

CVE

CVE-2009-2058

TITLE

Apple Safari In any Web Script execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2009-003501

DESCRIPTION

Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. Multiple Web browsers are prone to a man-in-the-middle vulnerability. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how sites are rendered to the user. Other attacks are also possible. NOTE: This issue was previously covered in BID 35326 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through -32 Multiple Remote Vulnerabilities), but has been assigned its own record to better document it. UPDATE (June 17, 2009): This BID had been updated to reflect that the issue affects multiple browsers, not just Mozilla products. There is a security vulnerability in the Apple Safari "HTTP Host" header. There is an error when processing the (1) 4xx; (2) 5xx response after the proxy's CONNECT request. If the attacker can perform a man-in-the-middle attack on the routine that uses the proxy server, it will Sensitive information can be stolen from the sites a user visits

Trust: 1.98

sources: NVD: CVE-2009-2058 // JVNDB: JVNDB-2009-003501 // BID: 35380 // VULHUB: VHN-39504

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	lte	version:	3.2.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	lt	version:	3.2.2	Trust: 0.8
vendor:	apple	model:	safari	scope:	eq	version:	3.2.2	Trust: 0.6
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	9.04	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	9.04	Trust: 0.3
vendor:	ubuntu	model:	linux lpia	scope:	eq	version:	9.04	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	9.04	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	9.04	Trust: 0.3
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	8.10	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	8.10	Trust: 0.3
vendor:	ubuntu	model:	linux lpia	scope:	eq	version:	8.10	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	8.10	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	8.10	Trust: 0.3
vendor:	ubuntu	model:	linux lts sparc	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts powerpc	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts lpia	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	8.04	Trust: 0.3
vendor:	turbolinux	model:	wizpy	scope:	eq	version:	0	Trust: 0.3
vendor:	turbolinux	model:	fuji	scope:	-	version:	-	Trust: 0.3
vendor:	turbolinux	model:	fuji	scope:	eq	version:	0	Trust: 0.3
vendor:	turbolinux	model:	client	scope:	eq	version:	2008	Trust: 0.3
vendor:	suse	model:	linux enterprise server debuginfo	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise desktop	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise	scope:	eq	version:	11	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 99	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 96	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 95	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 114	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 113	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 112	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 111a	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 111	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 110	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 109	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 108	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 107	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 106	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 105	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 104	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 103	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 102	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 101a	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 101	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	opensolaris build snv 100	scope:	-	version:	-	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	10.2	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	12.2	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	12.1	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	12.0	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	11.0	Trust: 0.3
vendor:	slackware	model:	linux -current	scope:	-	version:	-	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	11.1	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	11.0	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	10.3	Trust: 0.3
vendor:	redhat	model:	enterprise linux ws	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	enterprise linux ws	scope:	eq	version:	3	Trust: 0.3
vendor:	redhat	model:	enterprise linux optional productivity application server	scope:	eq	version:	5	Trust: 0.3
vendor:	redhat	model:	enterprise linux eus 5.3.z server	scope:	-	version:	-	Trust: 0.3
vendor:	redhat	model:	enterprise linux es 4.8.z	scope:	-	version:	-	Trust: 0.3
vendor:	redhat	model:	enterprise linux es	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	enterprise linux es	scope:	eq	version:	3	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop workstation client	scope:	eq	version:	5	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop client	scope:	eq	version:	5	Trust: 0.3
vendor:	redhat	model:	enterprise linux as 4.8.z	scope:	-	version:	-	Trust: 0.3
vendor:	redhat	model:	enterprise linux as	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	enterprise linux as	scope:	eq	version:	3	Trust: 0.3
vendor:	redhat	model:	desktop	scope:	eq	version:	4.0	Trust: 0.3
vendor:	redhat	model:	desktop	scope:	eq	version:	3.0	Trust: 0.3
vendor:	pardus	model:	linux	scope:	eq	version:	20080	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	8.51	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	8.50	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	8.0.2	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	8.02	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	8.01	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	8.0	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.54	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.53	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.52	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.51	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.50	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.23	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.22	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.21	Trust: 0.3
vendor:	opera	model:	software opera web browser beta build	scope:	eq	version:	7.2012981	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.20	Trust: 0.3
vendor:	opera	model:	software opera web browser j	scope:	eq	version:	7.11	Trust: 0.3
vendor:	opera	model:	software opera web browser b	scope:	eq	version:	7.11	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.11	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	7.10	Trust: 0.3
vendor:	opera	model:	software opera web browser win32 beta	scope:	eq	version:	7.02	Trust: 0.3
vendor:	opera	model:	software opera web browser win32 beta	scope:	eq	version:	7.01	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	7.0	Trust: 0.3
vendor:	opera	model:	software opera web browser 3win32	scope:	eq	version:	7.0	Trust: 0.3
vendor:	opera	model:	software opera web browser 2win32	scope:	eq	version:	7.0	Trust: 0.3
vendor:	opera	model:	software opera web browser 1win32	scope:	eq	version:	7.0	Trust: 0.3
vendor:	opera	model:	software opera web browser linux	scope:	eq	version:	6.10	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	6.0.5	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	6.0.4	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	6.0.3	Trust: 0.3
vendor:	opera	model:	software opera web browser linux	scope:	eq	version:	6.0.3	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	opera	model:	software opera web browser linux	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	opera	model:	software opera web browser linux	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	6.0	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	6.06	Trust: 0.3
vendor:	opera	model:	software opera web browser .6win32	scope:	eq	version:	6.0	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	6.0	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	5.12	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	5.12	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	5.11	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	5.10	Trust: 0.3
vendor:	opera	model:	software opera web browser linux	scope:	eq	version:	5.0	Trust: 0.3
vendor:	opera	model:	software opera web browser win32	scope:	eq	version:	5.02	Trust: 0.3
vendor:	opera	model:	software opera web browser mac	scope:	eq	version:	5.0	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.25	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.24	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.23	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.22	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.21	Trust: 0.3
vendor:	opera	model:	software opera web browser beta	scope:	eq	version:	9.201	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.20	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.10	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.02	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.01	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	8.54	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	8.53	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	8.52	Trust: 0.3
vendor:	opera	model:	software opera web browser beta	scope:	eq	version:	83	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	2.0.9	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	2.0.8	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	2.0.6	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	2.0.5	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	2.0.19	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	2.0.17	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	2.0.16	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	2.0.15	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	2.0.14	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	2.0.13	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	2.0.12	Trust: 0.3
vendor:	mozilla	model:	thunderbird beta	scope:	eq	version:	1.52	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	1.5.9	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	1.5.13	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	1.5	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	1.0.8	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	1.0.7	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	1.0.6	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	1.0.5	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	1.0.2	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	1.0	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	0.9	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	0.8	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	0.7.3	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	0.7.2	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	0.7.1	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	0.7	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	0.6	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	2.0.0.21	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	2.0.0.18	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	1.5.0.8	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	1.5.0.7	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	1.5.0.5	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	1.5.0.4	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	1.5.0.2	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	1.5.0.14	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	1.5.0.12	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	1.5.0.10	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	eq	version:	1.5.0.1	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.16	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.15	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.14	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.13	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.12	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.11	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.10	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.9	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.8	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.7	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.6	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.5	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.4	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.3	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.2	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.1.1	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0.99	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0.9	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0.8	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0.7	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0.6	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0.5	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0.3	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0.2	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	mozilla	model:	seamonkey beta	scope:	eq	version:	1.1	Trust: 0.3
vendor:	mozilla	model:	seamonkey dev	scope:	eq	version:	1.0	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	eq	version:	1.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.10	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.9	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.8	Trust: 0.3
vendor:	mozilla	model:	firefox beta	scope:	eq	version:	3.0.7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.4	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.020	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.9	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.8	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.19	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.17	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.16	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.10	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox beta	scope:	eq	version:	1.52	Trust: 0.3
vendor:	mozilla	model:	firefox beta	scope:	eq	version:	1.51	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.512	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.8	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.8	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.4	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.10.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.10	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.9.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.9.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.9.1	Trust: 0.3
vendor:	mozilla	model:	firefox rc	scope:	eq	version:	0.9	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.9	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.8	Trust: 0.3
vendor:	mozilla	model:	firefox beta	scope:	eq	version:	3.05	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.18	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.15	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.14	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.13	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.12	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.11	Trust: 0.3
vendor:	mozilla	model:	firefox rc3	scope:	eq	version:	2.0	Trust: 0.3
vendor:	mozilla	model:	firefox rc2	scope:	eq	version:	2.0	Trust: 0.3
vendor:	mozilla	model:	firefox beta	scope:	eq	version:	2.01	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.9	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.4	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.11	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.10	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.1	Trust: 0.3
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	8	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2009.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2009.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2009.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2009.0	Trust: 0.3
vendor:	mandrakesoft	model:	enterprise server x86 64	scope:	eq	version:	5	Trust: 0.3
vendor:	mandrakesoft	model:	enterprise server	scope:	eq	version:	5	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server x86 64	scope:	eq	version:	3.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server	scope:	eq	version:	3.0	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	0.3.1549	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	0.2.149.30	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	0.2.149.29	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	0.2.149.27	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	1.0.154.48	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	1.0.154.46	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	1.0.154.36	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux mipsel	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux m68k	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux hppa	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux armel	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux alpha	scope:	eq	version:	5.0	Trust: 0.3
vendor:	debian	model:	linux	scope:	eq	version:	5.0	Trust: 0.3
vendor:	avaya	model:	message networking mn	scope:	eq	version:	3.1	Trust: 0.3
vendor:	avaya	model:	message networking	scope:	eq	version:	3.1	Trust: 0.3
vendor:	avaya	model:	message networking	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	intuity audix lx sp2	scope:	eq	version:	2.0	Trust: 0.3
vendor:	avaya	model:	intuity audix lx sp1	scope:	eq	version:	2.0	Trust: 0.3
vendor:	avaya	model:	intuity audix lx	scope:	eq	version:	2.0	Trust: 0.3
vendor:	avaya	model:	intuity audix lx	scope:	eq	version:	1.0	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3.0.4	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	apple	model:	safari beta	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	apple	model:	safari beta	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	apple	model:	safari beta	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3	Trust: 0.3
vendor:	apple	model:	safari beta	scope:	eq	version:	3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3	Trust: 0.3
vendor:	mozilla	model:	thunderbird	scope:	ne	version:	2.0.0.22	Trust: 0.3
vendor:	mozilla	model:	seamonkey	scope:	ne	version:	1.1.17	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	ne	version:	3.0.11	Trust: 0.3
vendor:	google	model:	chrome	scope:	ne	version:	1.0.154.53	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	ne	version:	3.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	ne	version:	3.2.3	Trust: 0.3

sources: BID: 35380 // JVNDB: JVNDB-2009-003501 // CNNVD: CNNVD-200906-249 // NVD: CVE-2009-2058

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-2058
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2009-2058
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200906-249
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-39504
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2009-2058
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-39504
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-39504 // JVNDB: JVNDB-2009-003501 // CNNVD: CNNVD-200906-249 // NVD: CVE-2009-2058

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-39504 // JVNDB: JVNDB-2009-003501 // NVD: CVE-2009-2058

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200906-249

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-200906-249

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-003501

PATCH

title:

Top Page

url:

http://www.apple.com/safari/

Trust: 0.8

sources: JVNDB: JVNDB-2009-003501

EXTERNAL IDS

db:	NVD	id:	CVE-2009-2058	Trust: 2.8
db:	JVNDB	id:	JVNDB-2009-003501	Trust: 0.8
db:	XF	id:	51193	Trust: 0.6
db:	CNNVD	id:	CNNVD-200906-249	Trust: 0.6
db:	BID	id:	35380	Trust: 0.3
db:	VULHUB	id:	VHN-39504	Trust: 0.1

sources: VULHUB: VHN-39504 // BID: 35380 // JVNDB: JVNDB-2009-003501 // CNNVD: CNNVD-200906-249 // NVD: CVE-2009-2058

REFERENCES

url:	http://research.microsoft.com/apps/pubs/default.aspx?id=79323	Trust: 2.0
url:	http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/51193	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2058	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2058	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/51193	Trust: 0.6
url:	http://www.google.com/chrome	Trust: 0.3
url:	http://www.microsoft.com/windows/ie/	Trust: 0.3
url:	http://www.mozilla.org/	Trust: 0.3
url:	http://www.opera.com/	Trust: 0.3
url:	http://support.avaya.com/elmodocs2/security/asa-2009-231.htm	Trust: 0.3
url:	http://www.mozilla.org/security/announce/2009/mfsa2009-27.html	Trust: 0.3
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1	Trust: 0.3

sources: VULHUB: VHN-39504 // BID: 35380 // JVNDB: JVNDB-2009-003501 // CNNVD: CNNVD-200906-249 // NVD: CVE-2009-2058

CREDITS

Bob ClaryJesse Ruderman jruderman@gmail.com

Trust: 0.6

sources: CNNVD: CNNVD-200906-249

SOURCES

db:	VULHUB	id:	VHN-39504
db:	BID	id:	35380
db:	JVNDB	id:	JVNDB-2009-003501
db:	CNNVD	id:	CNNVD-200906-249
db:	NVD	id:	CVE-2009-2058

LAST UPDATE DATE

2024-11-23T19:36:10.537000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-39504	date:	2017-08-17T00:00:00
db:	BID	id:	35380	date:	2015-04-13T22:21:00
db:	JVNDB	id:	JVNDB-2009-003501	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200906-249	date:	2009-06-23T00:00:00
db:	NVD	id:	CVE-2009-2058	date:	2024-11-21T01:04:01.777

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-39504	date:	2009-06-15T00:00:00
db:	BID	id:	35380	date:	2009-06-11T00:00:00
db:	JVNDB	id:	JVNDB-2009-003501	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200906-249	date:	2009-06-15T00:00:00
db:	NVD	id:	CVE-2009-2058	date:	2009-06-15T19:30:05.420