CVE-2009-1699

The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack."

Published: Jun 10, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-1699
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: High
Score: 7.1
AV:N/AC:M/Au:N/C:C/I:N/A:N

CWEs:

CWE-200
CWE-611

OWASP TOP 10:

A4 - XML External Entities (XXE)

Affected Software
References

Software	From	Fixed in
apple / iphone_os	1.0.0	2.2.1.x
apple / safari	-	4.0
canonical / ubuntu_linux	9.04	9.04.x
canonical / ubuntu_linux	8.10	8.10.x
opensuse / opensuse	11.2	11.2.x
opensuse / opensuse	11.3	11.3.x

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://osvdb.org/54972
http://scary.beasts.org/security/CESA-2009-006.html
http://scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-fixes-local-file-theft.html
http://secunia.com/advisories/35379
http://secunia.com/advisories/43068
http://support.apple.com/kb/HT3613
http://support.apple.com/kb/HT3639
http://www.securityfocus.com/bid/35260
http://www.securityfocus.com/bid/35321
http://www.ubuntu.com/usn/USN-857-1
http://www.vupen.com/english/advisories/2009/1522
http://www.vupen.com/english/advisories/2009/1621
http://www.vupen.com/english/advisories/2011/0212
https://www.exploit-db.com/exploits/8907

Vulnerability Database

289,599

CVE-2009-1699