CVE-2009-2797

Priority
Description
The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS
before 3.1.1 for iPod touch, does not remove usernames and passwords from
URLs sent in Referer headers, which allows remote attackers to obtain
sensitive information by reading Referer logs on a web server.
Assigned-to
micahg
Notes
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Patches:
Upstream:http://trac.webkit.org/changeset/42483
More Information

Updated: 2019-12-05 20:53:36 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)