VYPR
Unrated severity · NVD Advisory · Published Nov 13, 2009 · Updated Jun 16, 2026

CVE-2009-2816

Description

The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.

Affected products (10)

  • Apple Inc./Safari (2 versions)
    • cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* (range: <4.0.4)
    • (no CPE) (range: <4.0.4)
  • Google/Chrome (2 versions)
    • cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* (range: <3.0.195.33)
    • (no CPE) (range: <3.0.195.33)
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* (range: <4.0)
  • cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
  • OpenSUSE/openSUSE (2 versions)
    • cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
    • cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
  • osv-coords (range: < 4:4.6.2-4)
