CVE-2009-1713

The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors.

Published: Jun 10, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-1713
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.1
AV:N/AC:M/Au:N/C:C/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
apple / safari	1.1	1.1.x
apple / safari	1.3.1	1.3.1.x
apple / safari	3.2.3	3.2.3.x
apple / safari	2.0.2	2.0.2.x
apple / safari	3.1	3.1.x
apple / safari	3.1.2	3.1.2.x
apple / safari	3.0	3.0.x
apple / safari	0.8	0.8.x
apple / safari	2.0	2.0.x
apple / safari	3.0.4	3.0.4.x
apple / safari	0.9	0.9.x
apple / safari	3.0.3	3.0.3.x
apple / safari	1.3.2	1.3.2.x
apple / safari	1.2	1.2.x
apple / safari	-	4.0_beta.x
apple / safari	3.2.1	3.2.1.x
apple / safari	3.0.2	3.0.2.x
apple / safari	2.0.4	2.0.4.x
apple / safari	3.1.1	3.1.1.x
apple / safari	1.0.3	1.0.3.x
apple / safari	1.0	1.0.x
apple / safari	1.3	1.3.x
apple / safari	3.2	3.2.x
apple / safari	3.0.1	3.0.1.x
apple / safari	-	3.2.3.x
apple / safari	3.2.2	3.2.2.x

Vulnerability Database

289,697

CVE-2009-1713