CVE-2009-2816

by Fred · 13/11/2009

The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.

Date published : 2009-11-13

http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html

http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html

CVE-2009-2816

Similar

Recent Posts

Categories

CVE-2009-2816

Share this:

Similar

Recent Posts

Categories

Tags