SecuritySpace - CVE-2009-3016

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2009-3016

Description: Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header.

Test IDs: 1.3.6.1.4.1.25623.1.0.800873

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2009-3016
http://websecurity.com.ua/3386/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6475
XForce ISS Database: safari-javascript-xss(52992)
https://exchange.xforce.ibmcloud.com/vulnerabilities/52992

CVE ID:	CVE-2009-3016
Description:	Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header.
Test IDs:	1.3.6.1.4.1.25623.1.0.800873
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3016 http://websecurity.com.ua/3386/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6475 XForce ISS Database: safari-javascript-xss(52992) https://exchange.xforce.ibmcloud.com/vulnerabilities/52992