CVE-2009-1700 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2009-1700 Interim 1 5 2023-12-09T02:04:11Z current 2021-05-30T12:47:07Z 2023-12-09T02:04:11Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2009-1700 The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/C2VK7FPKD3ZEG555N25GLTFTZJJB237A/#C2VK7FPKD3ZEG555N25GLTFTZJJB237A E-Mail link for SUSE-SR:2011:002 https://www.suse.com/support/security/rating/ SUSE Security Ratings The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document. CVE-2009-1700 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N