CVE-2009-2816

CVE-2009-2816 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.

Learn more about our Cis Benchmark Audit For Google Chrome.