Lucene search

[email protected]CVE-2010-1029

HistoryMar 19, 2010 - 9:30 p.m.

CVE-2010-1029

2010-03-1921:30:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2010-1029

webcore

cssselector

webkit

apple safari

google chrome

denial of service

remote attackers

arbitrary code

vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

8.7 High

AI Score

Confidence

High

0.899 High

EPSS

Percentile

98.8%

JSON

Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences.

Affected configurations

NVD

Node

applesafariMatch4.0.4

Node

googlechromeMatch4.0.249.0

Node

applesafari

AND

appleiphone_os

appleiphone_osMatch1.0

appleiphone_osMatch1.0.0

appleiphone_osMatch1.0.1

appleiphone_osMatch1.0.1-iphone

appleiphone_osMatch1.0.2

appleiphone_osMatch1.0.2-iphone

appleiphone_osMatch1.1

appleiphone_osMatch1.1.0

appleiphone_osMatch1.1.0-iphone

appleiphone_osMatch1.1.0-ipodtouch

appleiphone_osMatch1.1.1

appleiphone_osMatch1.1.1-iphone

appleiphone_osMatch1.1.2

appleiphone_osMatch1.1.2-iphone

appleiphone_osMatch1.1.2-ipodtouch

appleiphone_osMatch1.1.3

appleiphone_osMatch1.1.3-iphone

appleiphone_osMatch1.1.3-ipodtouch

appleiphone_osMatch1.1.4

appleiphone_osMatch1.1.4-iphone

appleiphone_osMatch1.1.4-ipodtouch

appleiphone_osMatch1.1.5

appleiphone_osMatch1.1.5-iphone

appleiphone_osMatch1.1.5-ipodtouch

appleiphone_osMatch2.0

appleiphone_osMatch2.0.0

appleiphone_osMatch2.0.0-iphone

appleiphone_osMatch2.0.0-ipodtouch

appleiphone_osMatch2.0.1

appleiphone_osMatch2.0.1-iphone

appleiphone_osMatch2.0.1-ipodtouch

appleiphone_osMatch2.0.2

appleiphone_osMatch2.0.2-iphone

appleiphone_osMatch2.0.2-ipodtouch

appleiphone_osMatch2.1

appleiphone_osMatch2.1-iphone

appleiphone_osMatch2.1-ipodtouch

appleiphone_osMatch2.1.1

appleiphone_osMatch2.2

appleiphone_osMatch2.2-iphone

appleiphone_osMatch2.2-ipodtouch

appleiphone_osMatch2.2.1

appleiphone_osMatch2.2.1-iphone

appleiphone_osMatch2.2.1-ipodtouch

appleiphone_osMatch3.0

appleiphone_osMatch3.0-ipodtouch

appleiphone_osMatch3.0.1

appleiphone_osMatch3.0.1-iphone

appleiphone_osMatch3.1.2

appleiphone_osMatch3.1.2-ipodtouch

CPENameOperatorVersion
apple:safariapple safarieq4.0.4

CPE	Name	Operator	Version
apple:safari	apple safari	eq	4.0.4

References

lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

secunia.com/advisories/43068

www.exploit-db.com/exploits/11567

www.exploit-db.com/exploits/11574

www.securityfocus.com/bid/38398

www.vupen.com/english/advisories/2011/0212

exchange.xforce.ibmcloud.com/vulnerabilities/56524

exchange.xforce.ibmcloud.com/vulnerabilities/56527

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14301

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

8.7 High

AI Score

Confidence

High

0.899 High

EPSS

Percentile

98.8%

JSON

Related for CVE-2010-1029

nvd1 ubuntucve1 debiancve1 cvelist1 prion1 openvas2 nessus2