CVE-2009-2841: CVE-2009-2841

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2009-2841

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers to trigger sub-resource requests to arbitrary web sites via a crafted HTML document, as demonstrated by an HTML e-mail message that uses a media element for X-Confirm-Reading-To functionality, aka rdar problem 7271202.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Apple Safari WebKit WebCore任意站点访问控制漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Apple Safari中的WebKit的WebCore中的html/HTMLMediaElement.cpp的HTMLMediaElement::loadResource函数没有对HTML 5媒介元素执行与预期的回收操作，且这些媒介元素都具有对媒介资源的外界URLs。远程攻击者可借助特制的HTML文件，触发对任意web站点的请求。例如使用一个对X-Confirm-Reading-To功能的媒介元素的一个HTML e-mail信息。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2009-2841

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2009-2841

Please Login to view more intelligence information

http://trac.webkit.org/changeset/49480x_refsource_CONFIRM
http://support.apple.com/kb/HT3949x_refsource_CONFIRM
http://threatpost.com/en_us/blogs/apple-patches-critical-safari-vulnerabilities-111109x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=525791x_refsource_CONFIRM
http://support.apple.com/kb/HT4013x_refsource_CONFIRM
http://osvdb.org/59941vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/43068third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/36996vdb-entryx_refsource_BID
http://secunia.com/advisories/37346third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/40557third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/41856third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1023167vdb-entryx_refsource_SECTRACK
http://www.ubuntu.com/usn/USN-1006-1vendor-advisoryx_refsource_UBUNTU
http://www.vupen.com/english/advisories/2011/0212vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2011/0552vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2009/3217vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/1801vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/2722vdb-entryx_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039vendor-advisoryx_refsource_MANDRIVA
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlvendor-advisoryx_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.htmlvendor-advisoryx_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.htmlvendor-advisoryx_refsource_FEDORA
http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.htmlvendor-advisoryx_refsource_APPLE
https://exchange.xforce.ibmcloud.com/vulnerabilities/54242vdb-entryx_refsource_XF
https://nvd.nist.gov/vuln/detail/CVE-2009-2841

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2009-2841

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2009-2841

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2009-2841

III. Intelligence Information for CVE-2009-2841

IV. Related Vulnerabilities

V. Comments for CVE-2009-2841

Leave a comment