Lucene search

MitreCVE-2008-0035

HistoryJan 16, 2008 - 2:00 a.m.

CVE-2008-0035

2008-01-1602:00:00

CWE-399

mitre

web.nvd.nist.gov

apple

foundation

vulnerability

remote attackers

denial of service

execute arbitrary code

crafted url

memory corruption

safari

cve-2008-0035

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

High

EPSS

0.172

Percentile

96.1%

JSON

Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari.

Affected configurations

Nvd

Node

applemac_os_xMatch10.5

applemac_os_xMatch10.5.1

AND

appleiphoneMatch1.0

appleiphoneMatch1.02

appleipod_touchMatch1.1

appleipod_touchMatch1.1.1

appleipod_touchMatch1.1.2

appleiphone_osMatch1.0.1

appleiphone_osMatch1.0.2

appleiphone_osMatch1.1.1

appleiphone_osMatch1.1.2

AND

applesafari

VendorProductVersionCPE
applemac_os_x10.5cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
applemac_os_x10.5.1cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
appleiphone1.0cpe:2.3:h:apple:iphone:1.0:*:*:*:*:*:*:*
appleiphone1.02cpe:2.3:h:apple:iphone:1.02:*:*:*:*:*:*:*
appleipod_touch1.1cpe:2.3:h:apple:ipod_touch:1.1:*:*:*:*:*:*:*
appleipod_touch1.1.1cpe:2.3:h:apple:ipod_touch:1.1.1:*:*:*:*:*:*:*
appleipod_touch1.1.2cpe:2.3:h:apple:ipod_touch:1.1.2:*:*:*:*:*:*:*
appleiphone_os1.0.1cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
appleiphone_os1.0.2cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
appleiphone_os1.1.1cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	mac_os_x	10.5	cpe:2.3:o:apple:mac_os_x:10.5:::::::*
apple	mac_os_x	10.5.1	cpe:2.3:o:apple:mac_os_x:10.5.1:::::::*
apple	iphone	1.0	cpe:2.3:h:apple:iphone:1.0:::::::*
apple	iphone	1.02	cpe:2.3:h:apple:iphone:1.02:::::::*
apple	ipod_touch	1.1	cpe:2.3:h:apple:ipod_touch:1.1:::::::*
apple	ipod_touch	1.1.1	cpe:2.3:h:apple:ipod_touch:1.1.1:::::::*
apple	ipod_touch	1.1.2	cpe:2.3:h:apple:ipod_touch:1.1.2:::::::*
apple	iphone_os	1.0.1	cpe:2.3:o:apple:iphone_os:1.0.1:::::::*
apple	iphone_os	1.0.2	cpe:2.3:o:apple:iphone_os:1.0.2:::::::*
apple	iphone_os	1.1.1	cpe:2.3:o:apple:iphone_os:1.1.1:::::::*

Rows per page:

1-10 of 121

References

docs.info.apple.com/article.html?artnum=307302

docs.info.apple.com/article.html?artnum=307430

lists.apple.com/archives/security-announce/2008/Feb/msg00002.html

lists.apple.com/archives/security-announce/2008/Jan/msg00000.html

secunia.com/advisories/28497

secunia.com/advisories/28891

www.securityfocus.com/bid/27296

www.securitytracker.com/id?1019220

www.us-cert.gov/cas/techalerts/TA08-043B.html

www.vupen.com/english/advisories/2008/0147

www.vupen.com/english/advisories/2008/0495/references

exchange.xforce.ibmcloud.com/vulnerabilities/39700

Social References

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

High

EPSS

0.172

Percentile

96.1%

JSON

Related for CVE-2008-0035