virus logo Intrusion Prevention

WebKit.XML.External.Entity.Information.Disclosure

description-logoDescription

This indicates an attack attempt against an Information Disclosure vulnerability in Apple Safari web browser.
Safari's XSL stysheets are vulnerable to XXE (Xml eXternal Entity) attacks. By having an XML file refer to a malicious XSL resource, the attacker can steal a local file by refering to it in the XSL resource's DTD.

affected-products-logoAffected Products

WebKit Open Source Project WebKit
Ubuntu Ubuntu Linux 9.04 sparc
Ubuntu Ubuntu Linux 9.04 powerpc
Ubuntu Ubuntu Linux 9.04 lpia
Ubuntu Ubuntu Linux 9.04 i386
Ubuntu Ubuntu Linux 9.04 amd64
Ubuntu Ubuntu Linux 8.10 sparc
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu Ubuntu Linux 8.10 lpia
Ubuntu Ubuntu Linux 8.10 i386
Ubuntu Ubuntu Linux 8.10 amd64
Trolltech Qt 4.4.3
Trolltech Qt 4.5
Debian Linux 5.0 sparc
Debian Linux 5.0 s/390
Debian Linux 5.0 powerpc
Debian Linux 5.0 mipsel
Debian Linux 5.0 mips
Debian Linux 5.0 m68k
Debian Linux 5.0 ia-64
Debian Linux 5.0 ia-32
Debian Linux 5.0 hppa
Debian Linux 5.0 armel
Debian Linux 5.0 arm
Debian Linux 5.0 amd64
Debian Linux 5.0 alpha
Debian Linux 5.0
Apple Safari 3.2.3 for Windows
Apple Safari 3.2.3
Apple Safari 3.2.2 for Windows
Apple Safari 3.1.2 for Windows
Apple Safari 3.1.2
Apple Safari 3.1.1 for Windows
Apple Safari 3.1.1
Apple Safari 3.0.4 Beta for Windows
Apple Safari 3.0.3 Beta for Windows
Apple Safari 3.0.3 Beta
Apple Safari 3.0.2 Beta for Windows
Apple Safari 3.0.2 Beta
Apple Safari 3.0.1 Beta for Windows
Apple Safari 3.0.1 Beta
Apple Safari 3.2
Apple Safari 3.1 for Windows
Apple Safari 3.1
Apple Safari 3 Beta for Windows
Apple Safari 3 Beta
Apple Safari 3
Apple iPod Touch 2.2.1
Apple iPod Touch 2.0.2
Apple iPod Touch 2.0.1
Apple iPod Touch 1.1.4
Apple iPod Touch 1.1.3
Apple iPod Touch 1.1.2
Apple iPod Touch 1.1.1
Apple iPod Touch 2.2
Apple iPod Touch 2.1
Apple iPod Touch 2.0
Apple iPod Touch 1.1
Apple iPod Touch 0
Apple iPhone 2.2.1
Apple iPhone 2.0.2
Apple iPhone 2.0.1
Apple iPhone 1.1.4
Apple iPhone 1.1.3
Apple iPhone 1.1.2
Apple iPhone 1.1.1
Apple iPhone 1.0.2
Apple iPhone 1.0.1
Apple iPhone 2.2
Apple iPhone 2.1
Apple iPhone 2.0
Apple iPhone 1.1
Apple iPhone 1
Apple iPhone 0

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Apply the latest patch or update from the appropriate vendor.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)
ID 27577
Created Jul 28, 2011
Updated Feb 24, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2009-1699
Exploit Prediction Score 3.1%
Default Action drop
Active
Affected OS Windows, Linux, MacOS, Other
Affected App Apple