Lucene search

K

[email protected]CVE-2009-1698

HistoryJun 10, 2009 - 6:00 p.m.

CVE-2009-1698

2009-06-1018:00:00

CWE-94

[email protected]

web.nvd.nist.gov

41

cve-2009-1698

webkit

apple safari

iphone os

ipod touch

css

memory corruption

application crash

remote code execution

7.6 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.035 Low

EPSS

Percentile

91.5%

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

CPENameOperatorVersion
apple:safariapple safarieq3.0.4b
apple:safariapple safarieq2.0.3
apple:safariapple safarieq3.0.4
apple:safariapple safarieq3.0.1
apple:safariapple safarieq2.0.1
apple:safariapple safarieq2.0.2
apple:safariapple safarieq3.0.0
apple:safariapple safarieq3.0.2
apple:safariapple safarile3.2.2
apple:safariapple safarieq3.0.3b

Rows per page:

1-10 of 431

References

blog.zoller.lu/2009/05/advisory-apple-safari-remote-code.html

lists.apple.com/archives/security-announce/2009/jun/msg00002.html

lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

osvdb.org/55006

secunia.com/advisories/35379

secunia.com/advisories/35588

secunia.com/advisories/36057

secunia.com/advisories/36062

secunia.com/advisories/36790

secunia.com/advisories/37746

secunia.com/advisories/43068

securitytracker.com/id?1022345

support.apple.com/kb/HT3613

support.apple.com/kb/HT3639

www.debian.org/security/2009/dsa-1950

www.mandriva.com/security/advisories?name=MDVSA-2009:330

www.redhat.com/support/errata/RHSA-2009-1128.html

www.securityfocus.com/archive/1/504173/100/0/threaded

www.securityfocus.com/archive/1/504295/100/0/threaded

www.securityfocus.com/bid/35260

www.securityfocus.com/bid/35318

www.ubuntu.com/usn/USN-822-1

www.ubuntu.com/usn/USN-836-1

www.ubuntu.com/usn/USN-857-1

www.vupen.com/english/advisories/2009/1522

www.vupen.com/english/advisories/2009/1621

www.vupen.com/english/advisories/2011/0212

www.zerodayinitiative.com/advisories/ZDI-09-032/

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9484

www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html

7.6 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.035 Low

EPSS

Percentile

91.5%

Related for CVE-2009-1698

securityvulns5 centos2 ubuntucve1 zdi1 nessus27 openvas47 debiancve1 prion1 redhat2 veracode1 oraclelinux2 debian5 osv4 ubuntu3 fedora10 seebug1