Vulnerability details: VCID-a89y-kj5v-aaaf
Vulnerability ID VCID-a89y-kj5v-aaaf
Aliases CVE-2009-2816
Summary The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
epss 0.00220 https://api.first.org/data/v1/epss?cve=CVE-2009-2816
epss 0.00577 https://api.first.org/data/v1/epss?cve=CVE-2009-2816
epss 0.02154 https://api.first.org/data/v1/epss?cve=CVE-2009-2816
epss 0.0246 https://api.first.org/data/v1/epss?cve=CVE-2009-2816
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=525789
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2009-2816
Reference id Reference type URL
http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://osvdb.org/59940
http://osvdb.org/59967
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2816.json
https://api.first.org/data/v1/epss?cve=CVE-2009-2816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2816
http://secunia.com/advisories/37346
http://secunia.com/advisories/37358
http://secunia.com/advisories/37393
http://secunia.com/advisories/37397
http://secunia.com/advisories/43068
https://exchange.xforce.ibmcloud.com/vulnerabilities/54239
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6516
http://support.apple.com/kb/HT3949
http://support.apple.com/kb/HT4225
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00545.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00549.html
http://www.securityfocus.com/bid/36997
http://www.securitytracker.com/id?1023165
http://www.vupen.com/english/advisories/2009/3217
http://www.vupen.com/english/advisories/2009/3233
http://www.vupen.com/english/advisories/2011/0212
525789 https://bugzilla.redhat.com/show_bug.cgi?id=525789
559759 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559759
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
CVE-2009-2816 https://nvd.nist.gov/vuln/detail/CVE-2009-2816
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2009-2816
Access Vector (AV) network
Access Complexity (AC) medium
Authentication (Au) none
Confidentiality Impact (C) partial
Integrity Impact (I) partial
Availability Impact (A) partial
Exploit Prediction Scoring System (EPSS)
Percentile 0.60395
EPSS Score 0.00220
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.