CVE-2009-1699
Description
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an XXE attack.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
9.268
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities affected in Apple Safari 3.2.2 | Windows |
| Multiple Vulnerabilities are affected in Apple Safari for MAC 2.0 | Mac |
| Multiple Vulnerabilities are affected in Apple Safari for MAC 2.0.1 | Mac |
| Multiple Vulnerabilities are affected in Apple Safari for MAC 2.0.2 | Mac |
| Multiple Vulnerabilities are affected in Apple Safari for MAC 3.0.1 | Mac |
| Multiple Vulnerabilities are affected in Apple Safari for MAC 3.0 | Mac |
| Multiple Vulnerabilities are affected in Apple Safari 2.0 | Mac |
| Multiple Vulnerabilities are affected in Apple Safari 2.0.2 | Mac |
| Multiple Vulnerabilities are affected in Apple Safari 3.0 | Mac |
| Multiple Vulnerabilities are affected in Apple Safari 3.0.1 | Mac |
| Multiple Vulnerabilities are affected in Apple Safari 3.1.1 | Mac |
| Multiple Vulnerabilities are affected in Apple Safari for MAC 3.1.1 | Mac |
| Multiple Vulnerabilities are affected in Apple Safari for MAC 3.1.2 | Mac |
| Multiple Vulnerabilities are affected in Apple Safari 2.0.1 | Mac |
| Multiple Vulnerabilities are affected in Apple Safari 3.1.2 | Mac |
| Multiple Vulnerabilities are affected in Apple Safari for MAC 3.2.1 | Mac |
| Multiple Vulnerabilities are affected in Apple Safari for MAC 3.2.2 | Mac |
| Multiple Vulnerabilities are affected in Apple Safari 2.0.0 | Mac |
| Multiple Vulnerabilities are affected in Apple Safari 3.2.0 | Mac |
| Multiple Vulnerabilities are affected in Apple Safari 3.2.1 | Mac |
| Multiple Vulnerabilities are affected in Apple Safari 3.2.2 | Mac |
| Multiple Vulnerabilities are affected in Apple Safari for MAC 2.0.3 | Mac |
| Multiple Vulnerabilities are affected in Apple Safari for MAC 2.0.0 | Mac |
| Multiple Vulnerabilities are affected in Apple Safari for MAC 3.2.0 | Mac |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-611604 | Apple Safari for MAC (MacOS Sonoma) (18.6) |
| PATCH-611604 | Apple Safari for MAC (MacOS Sonoma) (18.6) |
| PATCH-611604 | Apple Safari for MAC (MacOS Sonoma) (18.6) |
| PATCH-611604 | Apple Safari for MAC (MacOS Sonoma) (18.6) |
| PATCH-611604 | Apple Safari for MAC (MacOS Sonoma) (18.6) |
| PATCH-611604 | Apple Safari for MAC (MacOS Sonoma) (18.6) |
| PATCH-611604 | Apple Safari for MAC (MacOS Sonoma) (18.6) |
| PATCH-611604 | Apple Safari for MAC (MacOS Sonoma) (18.6) |
| PATCH-611604 | Apple Safari for MAC (MacOS Sonoma) (18.6) |
| PATCH-611604 | Apple Safari for MAC (MacOS Sonoma) (18.6) |
| PATCH-611604 | Apple Safari for MAC (MacOS Sonoma) (18.6) |
| PATCH-611604 | Apple Safari for MAC (MacOS Sonoma) (18.6) |
| PATCH-611604 | Apple Safari for MAC (MacOS Sonoma) (18.6) |
| PATCH-611604 | Apple Safari for MAC (MacOS Sonoma) (18.6) |
| PATCH-611604 | Apple Safari for MAC (MacOS Sonoma) (18.6) |
| PATCH-611604 | Apple Safari for MAC (MacOS Sonoma) (18.6) |
| PATCH-611604 | Apple Safari for MAC (MacOS Sonoma) (18.6) |
| PATCH-611604 | Apple Safari for MAC (MacOS Sonoma) (18.6) |
| PATCH-611604 | Apple Safari for MAC (MacOS Sonoma) (18.6) |
| PATCH-611604 | Apple Safari for MAC (MacOS Sonoma) (18.6) |
| PATCH-611604 | Apple Safari for MAC (MacOS Sonoma) (18.6) |
| PATCH-611604 | Apple Safari for MAC (MacOS Sonoma) (18.6) |
| PATCH-611604 | Apple Safari for MAC (MacOS Sonoma) (18.6) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234