CVE-2009-2199

Severity

57%

Complexity

86%

Confidentiality

81%

Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs.

Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs.

CVSS 2.0 Base Score 5.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:P).

Overview

First reported 15 years ago

2009-08-12 19:30:00

Last updated 12 years ago

2012-03-30 04:00:00

Affected Software

Apple Safari 2.0

2.0

Apple Safari 2.0.0

2.0.0

Apple Safari 2.0.1

2.0.1

Apple Safari 2.0.2

2.0.2

Apple Safari 2.0.3

2.0.3

Apple Safari 2.0.3 417.8

2.0.3

Apple Safari 2.0.3 417.9

2.0.3

Apple Safari 2.0.3 417.9.2

2.0.3

Apple Safari 2.0.3 417.9.3

2.0.3

Apple Safari 2.0.4

2.0.4

Apple Safari 3.0

3.0

Apple Safari 3.0.0

3.0.0

Apple Safari 3.0.0b

3.0.0b

Apple Safari 3.0.1

3.0.1

Apple Safari 3.0.1 Beta

3.0.1

Apple Safari 3.0.1b

3.0.1b

Apple Safari 3.0.2

3.0.2

Apple Safari 3.0.2b

3.0.2b

Apple Safari 3.0.3

3.0.3

Apple Safari 3.0.3b

3.0.3b

Apple Safari 3.0.4

3.0.4

Apple Safari 3.0.4b

3.0.4b

Apple Safari 3.1.0

3.1.0

Apple Safari 3.1.0b

3.1.0b

Apple Safari 3.1.1

3.1.1

Apple Safari 3.1.2

3.1.2

Apple Safari 3.2.0

3.2.0

Apple Safari 3.2.1

3.2.1

Apple Safari 3.2.2

3.2.2

Apple Safari 4.0

4.0

Apple Safari 4.0.0b

4.0.0b

Apple Safari 4.0.1

4.0.1

Apple Safari

References

APPLE-SA-2009-08-11-1

Patch, Vendor Advisory

APPLE-SA-2009-09-09-1

SUSE-SR:2011:002

36677

Vendor Advisory

43068

Vendor Advisory

http://support.apple.com/kb/HT3733

Patch, Vendor Advisory

http://support.apple.com/kb/HT3860

36026

Patch

1022719

ADV-2011-0212

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.