Security Advisory

CVE-2009-2816

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2009-11-13 15:00:00

Last updated 2024-08-07 06:07:36

Assigner mitre

State PUBLISHED

Description

The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.

← Browse all CVEs View on cve.org ↗