WebKit Preflight Request Same-Origin Policy Bypass Vulnerability

Bugtraq ID: 36997
Class: Access Validation Error
CVE: CVE-2009-2816
Remote: Yes
Local: No
Published: Nov 11 2009 12:00AM
Updated: Jun 21 2010 10:28PM
Credit: Apple
Vulnerable: WebKit Open Source Project WebKit 0
Red Hat Fedora 12
Red Hat Fedora 11
Red Hat Fedora 10
Pardus Linux 2009 0
Google Chrome 3.0.195 .32
Google Chrome 3.0.195 .24
Google Chrome 3.0.195 .21
Google Chrome 2.0.172 .43
Google Chrome 2.0.172 .37
Google Chrome 2.0.172 .33
Google Chrome 2.0.172 .31
Google Chrome 2.0.172 .30
Google Chrome 1.0.154 .61
Google Chrome 1.0.154.65
Google Chrome 1.0.154.64
Google Chrome 1.0.154.59
Google Chrome 1.0.154.55
Google Chrome 1.0.154.53
Google Chrome 1.0.154.48
Google Chrome 1.0.154.46
Google Chrome 1.0.154.36
Apple Safari For Windows 3.2.1
Apple Safari 4.0.3 for Windows
Apple Safari 4.0.3
Apple Safari 4.0.2 for Windows
Apple Safari 4.0.2
Apple Safari 4.0.1
Apple Safari 3.2.3 for Windows
Apple Safari 3.2.3
Apple Safari 3.2.2 for Windows
Apple Safari 3.1.2 for Windows
Apple Safari 3.1.2
Apple Safari 3.1.1 for Windows
Apple Safari 3.1.1
Apple Safari 3.0.4 Beta for Windows
Apple Safari 3.0.3 Beta for Windows
Apple Safari 3.0.3 Beta
Apple Safari 3.0.2 Beta for Windows
Apple Safari 3.0.2 Beta
Apple Safari 3.0.1 Beta for Windows
Apple Safari 3.0.1 Beta
Apple Safari 4 for Windows
Apple Safari 4 Beta
Apple Safari 4
Apple Safari 3.2
Apple Safari 3.1 for Windows
Apple Safari 3.1
Apple Safari 3 Beta for Windows
Apple Safari 3 Beta
Apple iPod Touch 3.1.3
Apple iPod Touch 3.1.2
Apple iPod Touch 3.1.1
Apple iPod Touch 2.2.1
Apple iPod Touch 2.0.2
Apple iPod Touch 2.0.1
Apple iPod Touch 3.0
Apple iPod Touch 2.2
Apple iPod Touch 2.1
Apple iPod Touch 2.0
Apple iPhone 3.1.3
Apple iPhone 3.1.2
Apple iPhone 3.0.1
Apple iPhone 2.2.1
Apple iPhone 2.0.2
Apple iPhone 2.0.1
Apple iPhone 3.1
Apple iPhone 3.0
Apple iPhone 2.2
Apple iPhone 2.1
Apple iPhone 2.0
Not Vulnerable: Google Chrome 3.0.195 .33
Apple Safari 4.0.4 for Windows
Apple Safari 4.0.4
Apple iOS 4


 

Privacy Statement
Copyright 2010, SecurityFocus