Unrated severity · NVD Advisory · Published Sep 10, 2009 · Updated Apr 23, 2026
CVE-2009-2797
Description
The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server.
Affected products
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* (range: <3.1)
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:ipod_touch:*:* (range: <3.1.1)
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- lists.apple.com/archives/security-announce/2009/Sep/msg00001.html [nvd: Mailing List, Patch, Vendor Advisory]
- support.apple.com/kb/HT3860 [nvd: Patch, Vendor Advisory]
- lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html [nvd: Third Party Advisory]
- secunia.com/advisories/36677 [nvd: Third Party Advisory]
- secunia.com/advisories/41856 [nvd: Third Party Advisory]
- secunia.com/advisories/43068 [nvd: Third Party Advisory]
- www.mandriva.com/security/advisories [nvd: Third Party Advisory]
- www.securityfocus.com/bid/36339 [nvd: Third Party Advisory, VDB Entry]
- www.ubuntu.com/usn/USN-1006-1 [nvd: Third Party Advisory]
- www.vupen.com/english/advisories/2010/2722 [nvd: Third Party Advisory]
- www.vupen.com/english/advisories/2011/0212 [nvd: Third Party Advisory]
- www.vupen.com/english/advisories/2011/0552 [nvd: Third Party Advisory]
- exchange.xforce.ibmcloud.com/vulnerabilities/53187 [nvd: Third Party Advisory, VDB Entry]