CVE-2009-0958

2009-06-1916:00:00

mitre

www.cve.org

AI Score

5.7

Confidence

Low

EPSS

0.001

Percentile

49.7%

JSON

Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials.

References

lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

osvdb.org/55236

support.apple.com/kb/HT3639

www.securityfocus.com/bid/35414

www.securityfocus.com/bid/35447

www.vupen.com/english/advisories/2009/1621

exchange.xforce.ibmcloud.com/vulnerabilities/51208