CVE-2009-2816
Published: Nov 13, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| 43068 | third-party-advisory, x_refsource_SECUNIA |
| ADV-2009-3233 | vdb-entry, x_refsource_VUPEN |
| APPLE-SA-2009-11-11-1 | vendor-advisory, x_refsource_APPLE |
| ADV-2009-3217 | vdb-entry, x_refsource_VUPEN |
| ADV-2011-0212 | vdb-entry, x_refsource_VUPEN |
| http://support.apple.com/kb/HT4225 | x_refsource_CONFIRM |
| FEDORA-2009-11487 | vendor-advisory, x_refsource_FEDORA |
| 59967 | vdb-entry, x_refsource_OSVDB |
| 36997 | vdb-entry, x_refsource_BID |
| http://support.apple.com/kb/HT3949 | x_refsource_CONFIRM |
| 1023165 | vdb-entry, x_refsource_SECTRACK |
| oval:org.mitre.oval:def:6516 | vdb-entry, signature, x_refsource_OVAL |
| SUSE-SR:2011:002 | vendor-advisory, x_refsource_SUSE |
| safari-crossorigin-csrf(54239) | vdb-entry, x_refsource_XF |
| https://bugzilla.redhat.com/show_bug.cgi?id=525789 | x_refsource_CONFIRM |
| FEDORA-2009-11491 | vendor-advisory, x_refsource_FEDORA |
| 37358 | third-party-advisory, x_refsource_SECUNIA |
| 59940 | vdb-entry, x_refsource_OSVDB |
| 37397 | third-party-advisory, x_refsource_SECUNIA |
| 37393 | third-party-advisory, x_refsource_SECUNIA |
| APPLE-SA-2010-06-21-1 | vendor-advisory, x_refsource_APPLE |
| 37346 | third-party-advisory, x_refsource_SECUNIA |