CVE-2009-1700

Description

The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document.

How to fix CVE-2009-1700

To remediate CVE-2009-1700, upgrade the affected package to a fixed version below.

• Debian/qt4-x11—upgrade to 4:4.6.2-4 or later

Is CVE-2009-1700 being exploited?

Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 4:4.6.2-4

References (12)

• ADVISORYsecunia.com/advisories/35379
• ADVISORYsecunia.com/advisories/43068
• ADVISORYwww.vupen.com/english/advisories/2009/1621
• ADVISORYwww.vupen.com/english/advisories/2011/0212
• EXPLOITwww.securityfocus.com/bid/35260