Lucene search

MitreCVE-2008-1589

HistoryJul 14, 2008 - 6:41 p.m.

CVE-2008-1589

2008-07-1418:41:00

CWE-20

mitre

web.nvd.nist.gov

safari

iphone

ipod touch

cve-2008-1589

misinterpretation

web security

remote attack

certificate spoofing

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

Low

EPSS

0.005

Percentile

77.3%

JSON

Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites.

Affected configurations

Nvd

Node

appleiphoneMatch1.0

appleiphoneMatch1.1.3

appleiphoneMatch1.1.4

appleiphoneMatch1.02

appleipod_touchMatch1.1

appleipod_touchMatch1.1.1

appleipod_touchMatch1.1.2

appleipod_touchMatch1.1.3

appleipod_touchMatch1.1.4

appleiphone_osMatch1.0.1

appleiphone_osMatch1.0.2

appleiphone_osMatch1.1.1

appleiphone_osMatch1.1.2

AND

applesafari

VendorProductVersionCPE
appleiphone1.0cpe:2.3:h:apple:iphone:1.0:*:*:*:*:*:*:*
appleiphone1.1.3cpe:2.3:h:apple:iphone:1.1.3:*:*:*:*:*:*:*
appleiphone1.1.4cpe:2.3:h:apple:iphone:1.1.4:*:*:*:*:*:*:*
appleiphone1.02cpe:2.3:h:apple:iphone:1.02:*:*:*:*:*:*:*
appleipod_touch1.1cpe:2.3:h:apple:ipod_touch:1.1:*:*:*:*:*:*:*
appleipod_touch1.1.1cpe:2.3:h:apple:ipod_touch:1.1.1:*:*:*:*:*:*:*
appleipod_touch1.1.2cpe:2.3:h:apple:ipod_touch:1.1.2:*:*:*:*:*:*:*
appleipod_touch1.1.3cpe:2.3:h:apple:ipod_touch:1.1.3:*:*:*:*:*:*:*
appleipod_touch1.1.4cpe:2.3:h:apple:ipod_touch:1.1.4:*:*:*:*:*:*:*
appleiphone_os1.0.1cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	iphone	1.0	cpe:2.3:h:apple:iphone:1.0:::::::*
apple	iphone	1.1.3	cpe:2.3:h:apple:iphone:1.1.3:::::::*
apple	iphone	1.1.4	cpe:2.3:h:apple:iphone:1.1.4:::::::*
apple	iphone	1.02	cpe:2.3:h:apple:iphone:1.02:::::::*
apple	ipod_touch	1.1	cpe:2.3:h:apple:ipod_touch:1.1:::::::*
apple	ipod_touch	1.1.1	cpe:2.3:h:apple:ipod_touch:1.1.1:::::::*
apple	ipod_touch	1.1.2	cpe:2.3:h:apple:ipod_touch:1.1.2:::::::*
apple	ipod_touch	1.1.3	cpe:2.3:h:apple:ipod_touch:1.1.3:::::::*
apple	ipod_touch	1.1.4	cpe:2.3:h:apple:ipod_touch:1.1.4:::::::*
apple	iphone_os	1.0.1	cpe:2.3:o:apple:iphone_os:1.0.1:::::::*

Rows per page:

1-10 of 141

References

jvn.jp/en/jp/JVN88676089/index.html

jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000039.html

lists.apple.com/archives/security-announce/2008//Jul/msg00001.html

secunia.com/advisories/31074

www.securityfocus.com/bid/30186

www.vupen.com/english/advisories/2008/2094/references

exchange.xforce.ibmcloud.com/vulnerabilities/43734

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

Low

EPSS

0.005

Percentile

77.3%

JSON

Related for CVE-2008-1589