CVE-2009-1699
CVE-2009-1699
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack."
Produtos afetados
n/a · n/aPoCs públicas encontradas — 2
cve_referencewww.exploit-db.com/exploits/8907não verificadoexploitdbwww.exploit-db.com/exploits/33034não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.htmlhttp://lists.apple.com/archives/security-announce/2009/Jun/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlhttp://osvdb.org/54972http://scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-fixes-local-file-theft.htmlhttp://scary.beasts.org/security/CESA-2009-006.htmlhttp://secunia.com/advisories/35379http://secunia.com/advisories/43068http://support.apple.com/kb/HT3613http://support.apple.com/kb/HT3639https://www.exploit-db.com/exploits/8907http://www.securityfocus.com/bid/35260