CVE-2009-2797

Publication date 10 September 2009

Last updated 24 July 2024

The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
qt4-x11	11.04 natty	Not affected
	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Ignored
	9.04 jaunty	Ignored
	8.10 intrepid	Ignored
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Ignored
webkit	11.04 natty	Not affected
	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Fixed 1.2.5-0ubuntu0.9.10.1
	9.04 jaunty	Ignored
	8.10 intrepid	Ignored
	8.04 LTS hardy	Ignored
	6.06 LTS dapper	Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
webkit	Upstream: http://trac.webkit.org/changeset/42483

References

Other references

https://www.cve.org/CVERecord?id=CVE-2009-2797