Unrated severityNVD Advisory· Published Sep 10, 2009· Updated Jun 16, 2026
CVE-2009-2797
CVE-2009-2797
Description
The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*range: <3.1
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:ipod_touch:*:*range: <3.1.1
- (no CPE)range: <3.1
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
13- lists.apple.com/archives/security-announce/2009/Sep/msg00001.htmlnvdMailing ListPatchVendor Advisory
- support.apple.com/kb/HT3860nvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlnvdThird Party Advisory
- secunia.com/advisories/36677nvdThird Party Advisory
- secunia.com/advisories/41856nvdThird Party Advisory
- secunia.com/advisories/43068nvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.securityfocus.com/bid/36339nvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-1006-1nvdThird Party Advisory
- www.vupen.com/english/advisories/2010/2722nvdThird Party Advisory
- www.vupen.com/english/advisories/2011/0212nvdThird Party Advisory
- www.vupen.com/english/advisories/2011/0552nvdThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/53187nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.