CVE-2009-2196 - Vulnerability Details - OpenCVE

Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X Mac Os X Server Safari
Microsoft	Windows Vista Windows Xp

Configuration 1 [-]

AND

OR	cpe:2.3:o:apple:mac_os_x:10.4.:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.7:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.8:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.11:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.5.7:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.5.8:::::::*
	cpe:2.3:o:microsoft:windows_vista::::::::
	cpe:2.3:o:microsoft:windows_xp::::::::

OR	cpe:2.3:a:apple:safari:4.0:::::::*
	cpe:2.3:a:apple:safari:4.0.1:::::::*
	cpe:2.3:a:apple:safari:4.0.2:::::::*

No data.

References

Link	Providers
http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html
http://support.apple.com/kb/HT3733
http://www.securityfocus.com/bid/36022
http://www.securitytracker.com/id?1022718

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-08-12T19:00:00

Updated: 2024-08-07T05:44:55.921Z

Reserved: 2009-06-24T00:00:00

Link: CVE-2009-2196

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-08-12T19:30:00.420

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-2196

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-08-11T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-08-15T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "APPLE-SA-2009-08-11-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html"}, {"name": "36022", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/36022"}, {"name": "1022718", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1022718"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT3733"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2196", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "APPLE-SA-2009-08-11-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html"}, {"name": "36022", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36022"}, {"name": "1022718", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022718"}, {"name": "http://support.apple.com/kb/HT3733", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3733"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:44:55.921Z"}, "title": "CVE Program Container", "references": [{"name": "APPLE-SA-2009-08-11-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html"}, {"name": "36022", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/36022"}, {"name": "1022718", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1022718"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT3733"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2196", "datePublished": "2009-08-12T19:00:00", "dateReserved": "2009-06-24T00:00:00", "dateUpdated": "2024-08-07T05:44:55.921Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.:*:*:*:*:*:*:*", "matchCriteriaId": "1CC1878A-7B92-4DA4-B239-243DCE90E152", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "2398ADC8-A106-462E-B9AE-F8AF800D0A3C", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "1335E35A-D381-4056-9E78-37BC6DF8AD98", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "D09D5933-A7D9-4A61-B863-CD8E7D5E67D8", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "ADF94705-562C-4EC8-993E-1AD88F01549C", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "82B4CD59-9F37-4EF0-BA43-427CFD6E1329", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BDA6DB4-A0DA-43CA-AABD-10EEEEB28EAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B2FD40E4-D4C9-492E-8432-ABC9BD2C7E67", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "36EA71E0-63F7-46FF-AF11-792741F27628", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Apple Safari 4 anteriores a v4.0.3 que permite a los servidores web remotos colocar un sitio web arbitrario en la vista \"Top Sites\", y posiblemente conducir un ataque de phishing, a trav\u00e9s de vectores desconocidos."}], "id": "CVE-2009-2196", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-08-12T19:30:00.420", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://support.apple.com/kb/HT3733"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/36022"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022718"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://support.apple.com/kb/HT3733"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/36022"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022718"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}