CVE-2009-1700 Information

Feb 14, 2021 cve

Description

The XSLT implementation in WebKit in Apple Safari before 4.0 iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects which allows remote attackers to read XML content from arbitrary web pages via a crafted document.

Reference

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/54973 http://secunia.com/advisories/35379 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT3613 http://support.apple.com/kb/HT3639 http://www.securityfocus.com/bid/35260 http://www.vupen.com/english/advisories/2009/1522 http://www.vupen.com/english/advisories/2009/1621 http://www.vupen.com/english/advisories/2011/0212

Share on: