Description
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack."
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Chris Evans · textremotemultiple
https://www.exploit-db.com/exploits/8907
exploitdb
WORKING POC
VERIFIED
by Chris Evans · textremotelinux
https://www.exploit-db.com/exploits/33034
References (17)
Core 17
Core References
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3639
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43068
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1621
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/8907
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0212
Exploit x_refsource_misc
http://scary.beasts.org/security/CESA-2009-006.html
Broken Link, Mailing List, Patch, Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/54972
Broken Link, Exploit, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/35260
Broken Link, Patch, Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1522
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35379
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-857-1
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/35321
Exploit x_refsource_misc
http://scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-fixes-local-file-theft.html
Patch, Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3613
Scores
CVSS v3
7.5
EPSS
0.0927
EPSS Percentile
92.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-611
Status
published
Products (6)
apple/iphone_os
1.0.0 - 2.2.1
apple/safari
< 4.0
canonical/ubuntu_linux
8.10
canonical/ubuntu_linux
9.04
opensuse/opensuse
11.2
opensuse/opensuse
11.3
Published
Jun 10, 2009
Tracked Since
Feb 18, 2026