CVE-2009-2816 Detail

CVE-2009-2816

CVE Descriptions

The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-352	Cross-Site Request Forgery (CSRF) The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	6.8		AV:N/AC:M/Au:N/C:P/I:P/A:P	[email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Products Mentioned

Configuraton 0

Apple>>Safari >> Version To (excluding) 4.0.4

Apple>>Safari >> Version - (Open CPE detail)
Apple>>Safari >> Version 1.0 (Open CPE detail)
Apple>>Safari >> Version 1.0 (Open CPE detail)
Apple>>Safari >> Version 1.0 (Open CPE detail)
Apple>>Safari >> Version 1.0.0 (Open CPE detail)
Apple>>Safari >> Version 1.0.0b1 (Open CPE detail)
Apple>>Safari >> Version 1.0.0b2 (Open CPE detail)
Apple>>Safari >> Version 1.0.1 (Open CPE detail)
Apple>>Safari >> Version 1.0.2 (Open CPE detail)
Apple>>Safari >> Version 1.0.3 (Open CPE detail)
Apple>>Safari >> Version 1.0.3 (Open CPE detail)
Apple>>Safari >> Version 1.0.3 (Open CPE detail)
Apple>>Safari >> Version 1.0b1 (Open CPE detail)
Apple>>Safari >> Version 1.1 (Open CPE detail)
Apple>>Safari >> Version 1.1.0 (Open CPE detail)
Apple>>Safari >> Version 1.1.1 (Open CPE detail)
Apple>>Safari >> Version 1.2 (Open CPE detail)
Apple>>Safari >> Version 1.2.0 (Open CPE detail)
Apple>>Safari >> Version 1.2.1 (Open CPE detail)
Apple>>Safari >> Version 1.2.2 (Open CPE detail)
Apple>>Safari >> Version 1.2.3 (Open CPE detail)
Apple>>Safari >> Version 1.2.4 (Open CPE detail)
Apple>>Safari >> Version 1.2.5 (Open CPE detail)
Apple>>Safari >> Version 1.3 (Open CPE detail)
Apple>>Safari >> Version 1.3.0 (Open CPE detail)
Apple>>Safari >> Version 1.3.1 (Open CPE detail)
Apple>>Safari >> Version 1.3.2 (Open CPE detail)
Apple>>Safari >> Version 1.3.2 (Open CPE detail)
Apple>>Safari >> Version 1.3.2 (Open CPE detail)
Apple>>Safari >> Version 2 (Open CPE detail)
Apple>>Safari >> Version 2.0 (Open CPE detail)
Apple>>Safari >> Version 2.0.0 (Open CPE detail)
Apple>>Safari >> Version 2.0.1 (Open CPE detail)
Apple>>Safari >> Version 2.0.2 (Open CPE detail)
Apple>>Safari >> Version 2.0.3 (Open CPE detail)
Apple>>Safari >> Version 2.0.3 (Open CPE detail)
Apple>>Safari >> Version 2.0.3 (Open CPE detail)
Apple>>Safari >> Version 2.0.3 (Open CPE detail)
Apple>>Safari >> Version 2.0.3 (Open CPE detail)
Apple>>Safari >> Version 2.0.4 (Open CPE detail)
Apple>>Safari >> Version 2.0.4 (Open CPE detail)
Apple>>Safari >> Version 3 (Open CPE detail)
Apple>>Safari >> Version 3.0 (Open CPE detail)
Apple>>Safari >> Version 3.0.0 (Open CPE detail)
Apple>>Safari >> Version 3.0.0 (Open CPE detail)
Apple>>Safari >> Version 3.0.0b (Open CPE detail)
Apple>>Safari >> Version 3.0.0b (Open CPE detail)
Apple>>Safari >> Version 3.0.1 (Open CPE detail)
Apple>>Safari >> Version 3.0.1 (Open CPE detail)
Apple>>Safari >> Version 3.0.1 (Open CPE detail)
Apple>>Safari >> Version 3.0.1b (Open CPE detail)
Apple>>Safari >> Version 3.0.1b (Open CPE detail)
Apple>>Safari >> Version 3.0.2 (Open CPE detail)
Apple>>Safari >> Version 3.0.2 (Open CPE detail)
Apple>>Safari >> Version 3.0.2b (Open CPE detail)
Apple>>Safari >> Version 3.0.2b (Open CPE detail)
Apple>>Safari >> Version 3.0.3 (Open CPE detail)
Apple>>Safari >> Version 3.0.3 (Open CPE detail)
Apple>>Safari >> Version 3.0.3b (Open CPE detail)
Apple>>Safari >> Version 3.0.3b (Open CPE detail)
Apple>>Safari >> Version 3.0.4 (Open CPE detail)
Apple>>Safari >> Version 3.0.4 (Open CPE detail)
Apple>>Safari >> Version 3.0.4b (Open CPE detail)
Apple>>Safari >> Version 3.0.4b (Open CPE detail)
Apple>>Safari >> Version 3.0.5 (Open CPE detail)
Apple>>Safari >> Version 3.1.0 (Open CPE detail)
Apple>>Safari >> Version 3.1.0 (Open CPE detail)
Apple>>Safari >> Version 3.1.0b (Open CPE detail)
Apple>>Safari >> Version 3.1.0b (Open CPE detail)
Apple>>Safari >> Version 3.1.1 (Open CPE detail)
Apple>>Safari >> Version 3.1.1b (Open CPE detail)
Apple>>Safari >> Version 3.1.2 (Open CPE detail)
Apple>>Safari >> Version 3.1.2b (Open CPE detail)
Apple>>Safari >> Version 3.2.0 (Open CPE detail)
Apple>>Safari >> Version 3.2.0b (Open CPE detail)
Apple>>Safari >> Version 3.2.1 (Open CPE detail)
Apple>>Safari >> Version 3.2.1b (Open CPE detail)
Apple>>Safari >> Version 3.2.2 (Open CPE detail)
Apple>>Safari >> Version 3.2.2b (Open CPE detail)
Apple>>Safari >> Version 4.0 (Open CPE detail)
Apple>>Safari >> Version 4.0 (Open CPE detail)
Apple>>Safari >> Version 4.0.0b (Open CPE detail)
Apple>>Safari >> Version 4.0.1 (Open CPE detail)
Apple>>Safari >> Version 4.0.2 (Open CPE detail)
Apple>>Safari >> Version 4.0.3 (Open CPE detail)

Google>>Chrome >> Version To (excluding) 3.0.195.33

Google>>Chrome >> Version - (Open CPE detail)
Google>>Chrome >> Version 0.1.38.1 (Open CPE detail)
Google>>Chrome >> Version 0.1.38.2 (Open CPE detail)
Google>>Chrome >> Version 0.1.38.4 (Open CPE detail)
Google>>Chrome >> Version 0.1.40.1 (Open CPE detail)
Google>>Chrome >> Version 0.1.42.2 (Open CPE detail)
Google>>Chrome >> Version 0.1.42.3 (Open CPE detail)
Google>>Chrome >> Version 0.2.149.27 (Open CPE detail)
Google>>Chrome >> Version 0.2.149.29 (Open CPE detail)
Google>>Chrome >> Version 0.2.149.30 (Open CPE detail)
Google>>Chrome >> Version 0.2.152.1 (Open CPE detail)
Google>>Chrome >> Version 0.2.153.1 (Open CPE detail)
Google>>Chrome >> Version 0.3.154.0 (Open CPE detail)
Google>>Chrome >> Version 0.3.154.3 (Open CPE detail)
Google>>Chrome >> Version 0.4.154.18 (Open CPE detail)
Google>>Chrome >> Version 0.4.154.22 (Open CPE detail)
Google>>Chrome >> Version 0.4.154.31 (Open CPE detail)
Google>>Chrome >> Version 0.4.154.33 (Open CPE detail)
Google>>Chrome >> Version 1.0.154.36 (Open CPE detail)
Google>>Chrome >> Version 1.0.154.39 (Open CPE detail)
Google>>Chrome >> Version 1.0.154.42 (Open CPE detail)
Google>>Chrome >> Version 1.0.154.43 (Open CPE detail)
Google>>Chrome >> Version 1.0.154.46 (Open CPE detail)
Google>>Chrome >> Version 1.0.154.48 (Open CPE detail)
Google>>Chrome >> Version 1.0.154.52 (Open CPE detail)
Google>>Chrome >> Version 1.0.154.53 (Open CPE detail)
Google>>Chrome >> Version 1.0.154.59 (Open CPE detail)
Google>>Chrome >> Version 1.0.154.64 (Open CPE detail)
Google>>Chrome >> Version 1.0.154.65 (Open CPE detail)
Google>>Chrome >> Version 2.0.156.1 (Open CPE detail)
Google>>Chrome >> Version 2.0.157.0 (Open CPE detail)
Google>>Chrome >> Version 2.0.157.2 (Open CPE detail)
Google>>Chrome >> Version 2.0.158.0 (Open CPE detail)
Google>>Chrome >> Version 2.0.159.0 (Open CPE detail)
Google>>Chrome >> Version 2.0.169.0 (Open CPE detail)
Google>>Chrome >> Version 2.0.169.1 (Open CPE detail)
Google>>Chrome >> Version 2.0.170.0 (Open CPE detail)
Google>>Chrome >> Version 2.0.172 (Open CPE detail)
Google>>Chrome >> Version 2.0.172.2 (Open CPE detail)
Google>>Chrome >> Version 2.0.172.8 (Open CPE detail)
Google>>Chrome >> Version 2.0.172.27 (Open CPE detail)
Google>>Chrome >> Version 2.0.172.28 (Open CPE detail)
Google>>Chrome >> Version 2.0.172.30 (Open CPE detail)
Google>>Chrome >> Version 2.0.172.31 (Open CPE detail)
Google>>Chrome >> Version 2.0.172.33 (Open CPE detail)
Google>>Chrome >> Version 2.0.172.37 (Open CPE detail)
Google>>Chrome >> Version 2.0.172.38 (Open CPE detail)
Google>>Chrome >> Version 2.0.172.43 (Open CPE detail)
Google>>Chrome >> Version 3.0 (Open CPE detail)
Google>>Chrome >> Version 3.0.182.2 (Open CPE detail)
Google>>Chrome >> Version 3.0.190.2 (Open CPE detail)
Google>>Chrome >> Version 3.0.193.2 (Open CPE detail)
Google>>Chrome >> Version 3.0.195.2 (Open CPE detail)
Google>>Chrome >> Version 3.0.195.21 (Open CPE detail)
Google>>Chrome >> Version 3.0.195.24 (Open CPE detail)
Google>>Chrome >> Version 3.0.195.25 (Open CPE detail)
Google>>Chrome >> Version 3.0.195.27 (Open CPE detail)
Google>>Chrome >> Version 3.0.195.32 (Open CPE detail)

Apple>>Iphone_os >> Version To (excluding) 4.0

Apple>>Iphone_os >> Version - (Open CPE detail)
Apple>>Iphone_os >> Version - (Open CPE detail)
Apple>>Iphone_os >> Version - (Open CPE detail)
Apple>>Iphone_os >> Version - (Open CPE detail)
Apple>>Iphone_os >> Version 1.0.0 (Open CPE detail)
Apple>>Iphone_os >> Version 1.0.0 (Open CPE detail)
Apple>>Iphone_os >> Version 1.0.1 (Open CPE detail)
Apple>>Iphone_os >> Version 1.0.1 (Open CPE detail)
Apple>>Iphone_os >> Version 1.0.2 (Open CPE detail)
Apple>>Iphone_os >> Version 1.0.2 (Open CPE detail)
Apple>>Iphone_os >> Version 1.1.0 (Open CPE detail)
Apple>>Iphone_os >> Version 1.1.0 (Open CPE detail)
Apple>>Iphone_os >> Version 1.1.0 (Open CPE detail)
Apple>>Iphone_os >> Version 1.1.1 (Open CPE detail)
Apple>>Iphone_os >> Version 1.1.1 (Open CPE detail)
Apple>>Iphone_os >> Version 1.1.1 (Open CPE detail)
Apple>>Iphone_os >> Version 1.1.2 (Open CPE detail)
Apple>>Iphone_os >> Version 1.1.2 (Open CPE detail)
Apple>>Iphone_os >> Version 1.1.2 (Open CPE detail)
Apple>>Iphone_os >> Version 1.1.3 (Open CPE detail)
Apple>>Iphone_os >> Version 1.1.3 (Open CPE detail)
Apple>>Iphone_os >> Version 1.1.3 (Open CPE detail)
Apple>>Iphone_os >> Version 1.1.4 (Open CPE detail)
Apple>>Iphone_os >> Version 1.1.4 (Open CPE detail)
Apple>>Iphone_os >> Version 1.1.4 (Open CPE detail)
Apple>>Iphone_os >> Version 1.1.5 (Open CPE detail)
Apple>>Iphone_os >> Version 1.1.5 (Open CPE detail)
Apple>>Iphone_os >> Version 1.1.5 (Open CPE detail)
Apple>>Iphone_os >> Version 2.0 (Open CPE detail)
Apple>>Iphone_os >> Version 2.0.0 (Open CPE detail)
Apple>>Iphone_os >> Version 2.0.0 (Open CPE detail)
Apple>>Iphone_os >> Version 2.0.0 (Open CPE detail)
Apple>>Iphone_os >> Version 2.0.1 (Open CPE detail)
Apple>>Iphone_os >> Version 2.0.1 (Open CPE detail)
Apple>>Iphone_os >> Version 2.0.1 (Open CPE detail)
Apple>>Iphone_os >> Version 2.0.2 (Open CPE detail)
Apple>>Iphone_os >> Version 2.0.2 (Open CPE detail)
Apple>>Iphone_os >> Version 2.0.2 (Open CPE detail)
Apple>>Iphone_os >> Version 2.1 (Open CPE detail)
Apple>>Iphone_os >> Version 2.1 (Open CPE detail)
Apple>>Iphone_os >> Version 2.1 (Open CPE detail)
Apple>>Iphone_os >> Version 2.1.1 (Open CPE detail)
Apple>>Iphone_os >> Version 2.2 (Open CPE detail)
Apple>>Iphone_os >> Version 2.2 (Open CPE detail)
Apple>>Iphone_os >> Version 2.2 (Open CPE detail)
Apple>>Iphone_os >> Version 2.2.1 (Open CPE detail)
Apple>>Iphone_os >> Version 2.2.1 (Open CPE detail)
Apple>>Iphone_os >> Version 2.2.1 (Open CPE detail)
Apple>>Iphone_os >> Version 3.0 (Open CPE detail)
Apple>>Iphone_os >> Version 3.0 (Open CPE detail)
Apple>>Iphone_os >> Version 3.0 (Open CPE detail)
Apple>>Iphone_os >> Version 3.0.1 (Open CPE detail)
Apple>>Iphone_os >> Version 3.0.1 (Open CPE detail)
Apple>>Iphone_os >> Version 3.0.1 (Open CPE detail)
Apple>>Iphone_os >> Version 3.1 (Open CPE detail)
Apple>>Iphone_os >> Version 3.1 (Open CPE detail)
Apple>>Iphone_os >> Version 3.1 (Open CPE detail)
Apple>>Iphone_os >> Version 3.1 (Open CPE detail)
Apple>>Iphone_os >> Version 3.1.1 (Open CPE detail)
Apple>>Iphone_os >> Version 3.1.2 (Open CPE detail)
Apple>>Iphone_os >> Version 3.1.2 (Open CPE detail)
Apple>>Iphone_os >> Version 3.1.2 (Open CPE detail)
Apple>>Iphone_os >> Version 3.1.3 (Open CPE detail)
Apple>>Iphone_os >> Version 3.1.3 (Open CPE detail)
Apple>>Iphone_os >> Version 3.1.3 (Open CPE detail)
Apple>>Iphone_os >> Version 3.2 (Open CPE detail)
Apple>>Iphone_os >> Version 3.2 (Open CPE detail)
Apple>>Iphone_os >> Version 3.2 (Open CPE detail)
Apple>>Iphone_os >> Version 3.2.1 (Open CPE detail)
Apple>>Iphone_os >> Version 3.2.1 (Open CPE detail)
Apple>>Iphone_os >> Version 3.2.2 (Open CPE detail)

Configuraton 0

Opensuse>>Opensuse >> Version 11.2

Opensuse>>Opensuse >> Version 11.2 (Open CPE detail)

Opensuse>>Opensuse >> Version 11.3

Opensuse>>Opensuse >> Version 11.3 (Open CPE detail)

Configuraton 0

Fedoraproject>>Fedora >> Version 11

Fedoraproject>>Fedora >> Version 11 (Open CPE detail)

Fedoraproject>>Fedora >> Version 12

Fedoraproject>>Fedora >> Version 12 (Open CPE detail)

References

http://secunia.com/advisories/43068
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.vupen.com/english/advisories/2009/3233
Tags : vdb-entry, x_refsource_VUPEN

http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html
Tags : vendor-advisory, x_refsource_APPLE

http://www.vupen.com/english/advisories/2009/3217
Tags : vdb-entry, x_refsource_VUPEN

http://www.vupen.com/english/advisories/2011/0212
Tags : vdb-entry, x_refsource_VUPEN

http://support.apple.com/kb/HT4225
Tags : x_refsource_CONFIRM

https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00545.html
Tags : vendor-advisory, x_refsource_FEDORA

http://osvdb.org/59967
Tags : vdb-entry, x_refsource_OSVDB

http://www.securityfocus.com/bid/36997
Tags : vdb-entry, x_refsource_BID

http://support.apple.com/kb/HT3949
Tags : x_refsource_CONFIRM

http://www.securitytracker.com/id?1023165
Tags : vdb-entry, x_refsource_SECTRACK

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6516
Tags : vdb-entry, signature, x_refsource_OVAL

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
Tags : vendor-advisory, x_refsource_SUSE

https://exchange.xforce.ibmcloud.com/vulnerabilities/54239
Tags : vdb-entry, x_refsource_XF

https://bugzilla.redhat.com/show_bug.cgi?id=525789
Tags : x_refsource_CONFIRM

https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00549.html
Tags : vendor-advisory, x_refsource_FEDORA

http://secunia.com/advisories/37358
Tags : third-party-advisory, x_refsource_SECUNIA

http://osvdb.org/59940
Tags : vdb-entry, x_refsource_OSVDB

http://secunia.com/advisories/37397
Tags : third-party-advisory, x_refsource_SECUNIA

http://secunia.com/advisories/37393
Tags : third-party-advisory, x_refsource_SECUNIA

http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
Tags : vendor-advisory, x_refsource_APPLE

http://secunia.com/advisories/37346
Tags : third-party-advisory, x_refsource_SECUNIA

CVE-2009-2816 : Detail

CVE-2009-2816

CVE Descriptions

CVE Informations

Related Weaknesses

Metrics

EPSS

EPSS Score

EPSS Percentile

Products Mentioned

Configuraton 0

Configuraton 0

Configuraton 0

References