Lucene search

[email protected]CVE-2009-3273

HistorySep 21, 2009 - 7:30 p.m.

CVE-2009-3273

2009-09-2119:30:00

CWE-310

[email protected]

web.nvd.nist.gov

iphone

mail

apple

iphone os

x.509 certificates

man-in-the-middle

ssl

servers

security vulnerability

cve-2009-3273

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

18.8%

JSON

iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate.

Affected configurations

NVD

Node

appleiphone_osMatch1.0

appleiphone_osMatch1.0.0

appleiphone_osMatch1.0.1

appleiphone_osMatch1.0.1-iphone

appleiphone_osMatch1.0.2

appleiphone_osMatch1.0.2-iphone

appleiphone_osMatch1.1

appleiphone_osMatch1.1.0

appleiphone_osMatch1.1.0-iphone

appleiphone_osMatch1.1.0-ipodtouch

appleiphone_osMatch1.1.1

appleiphone_osMatch1.1.1-iphone

appleiphone_osMatch1.1.2

appleiphone_osMatch1.1.2-iphone

appleiphone_osMatch1.1.2-ipodtouch

appleiphone_osMatch1.1.3

appleiphone_osMatch1.1.3-iphone

appleiphone_osMatch1.1.3-ipodtouch

appleiphone_osMatch1.1.4

appleiphone_osMatch1.1.4-iphone

appleiphone_osMatch1.1.4-ipodtouch

appleiphone_osMatch1.1.5

appleiphone_osMatch1.1.5-iphone

appleiphone_osMatch1.1.5-ipodtouch

appleiphone_osMatch2.0

appleiphone_osMatch2.0.0

appleiphone_osMatch2.0.0-iphone

appleiphone_osMatch2.0.0-ipodtouch

appleiphone_osMatch2.0.1

appleiphone_osMatch2.0.1-iphone

appleiphone_osMatch2.0.1-ipodtouch

appleiphone_osMatch2.0.2

appleiphone_osMatch2.0.2-iphone

appleiphone_osMatch2.0.2-ipodtouch

appleiphone_osMatch2.1

appleiphone_osMatch2.1-iphone

appleiphone_osMatch2.1-ipodtouch

appleiphone_osMatch2.1.1

appleiphone_osMatch2.2

appleiphone_osMatch2.2-iphone

appleiphone_osMatch2.2-ipodtouch

appleiphone_osMatch2.2.1

appleiphone_osMatch2.2.1-iphone

appleiphone_osMatch2.2.1-ipodtouch

appleiphone_osMatch3.0

appleiphone_osMatch3.0-ipodtouch

appleiphone_osMatch3.0.1

appleiphone_osMatch3.0.1-iphone

CPENameOperatorVersion
apple:iphone_osapple iphone oseq1.0
apple:iphone_osapple iphone oseq1.0.0
apple:iphone_osapple iphone oseq1.0.1
apple:iphone_osapple iphone oseq1.0.2
apple:iphone_osapple iphone oseq1.1
apple:iphone_osapple iphone oseq1.1.0
apple:iphone_osapple iphone oseq1.1.1
apple:iphone_osapple iphone oseq1.1.2
apple:iphone_osapple iphone oseq1.1.3
apple:iphone_osapple iphone oseq1.1.4

CPE	Name	Operator	Version
apple:iphone_os	apple iphone os	eq	1.0
apple:iphone_os	apple iphone os	eq	1.0.0
apple:iphone_os	apple iphone os	eq	1.0.1
apple:iphone_os	apple iphone os	eq	1.0.2
apple:iphone_os	apple iphone os	eq	1.1
apple:iphone_os	apple iphone os	eq	1.1.0
apple:iphone_os	apple iphone os	eq	1.1.1
apple:iphone_os	apple iphone os	eq	1.1.2
apple:iphone_os	apple iphone os	eq	1.1.3
apple:iphone_os	apple iphone os	eq	1.1.4

Rows per page:

1-10 of 211

References

www.securityfocus.com/archive/1/506428/100/0/threaded

www.securityfocus.com/bid/36370

exchange.xforce.ibmcloud.com/vulnerabilities/53234

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

18.8%

JSON

Related for CVE-2009-3273

prion1 nvd1 cvelist1