Detections
Analytics

CVE-2009-1693

medium

Description

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue."

References

http://www.vupen.com/english/advisories/2011/0212

http://www.vupen.com/english/advisories/2009/1621

http://www.vupen.com/english/advisories/2009/1522

http://www.securityfocus.com/bid/35331

http://www.debian.org/security/2009/dsa-1950

http://support.apple.com/kb/HT3639

http://support.apple.com/kb/HT3613

http://secunia.com/advisories/43068

http://secunia.com/advisories/37746

http://secunia.com/advisories/35379

http://osvdb.org/55004

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

Details

Source: Mitre, NVD

Published: 2009-06-10

Updated: 2011-02-17

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Severity: Medium