← volver
CVE-2009-2816

CVE-2009-2816

EPSS 1.6%
The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2010/Jun/msg00003.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlhttp://osvdb.org/59940http://osvdb.org/59967https://bugzilla.redhat.com/show_bug.cgi?id=525789http://secunia.com/advisories/37346http://secunia.com/advisories/37358http://secunia.com/advisories/37393http://secunia.com/advisories/37397http://secunia.com/advisories/43068https://exchange.xforce.ibmcloud.com/vulnerabilities/54239