Lucene search

MitreCVE-2008-4231

HistoryNov 25, 2008 - 11:30 p.m.

CVE-2008-4231

2008-11-2523:30:00

CWE-399

mitre

web.nvd.nist.gov

safari

apple

iphone os

ipod touch

cve-2008-4231

security

vulnerability

html

table

remote attackers

arbitrary code

denial of service

memory corruption

application crash

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

High

EPSS

0.072

Percentile

94.0%

JSON

Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

Affected configurations

Nvd

Node

appleipod_touch

appleiphone_os

AND

applesafari

appleiphone_osMatch1.0

appleiphone_osMatch1.0.1

appleiphone_osMatch1.0.2

appleiphone_osMatch1.1

appleiphone_osMatch1.1.1

appleiphone_osMatch1.1.2

appleiphone_osMatch1.1.3

appleiphone_osMatch1.1.4

appleiphone_osMatch1.1.5

appleiphone_osMatch2.0

appleiphone_osMatch2.0.1

appleiphone_osMatch2.0.2

appleiphone_osMatch2.1

VendorProductVersionCPE
appleipod_touch*cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
applesafari*cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
appleiphone_os1.0cpe:2.3:o:apple:iphone_os:1.0:*:*:*:*:*:*:*
appleiphone_os1.0.1cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
appleiphone_os1.0.2cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
appleiphone_os1.1cpe:2.3:o:apple:iphone_os:1.1:*:*:*:*:*:*:*
appleiphone_os1.1.1cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
appleiphone_os1.1.2cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
appleiphone_os1.1.3cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	ipod_touch	*	cpe:2.3:h:apple:ipod_touch::::::::
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::
apple	safari	*	cpe:2.3:a:apple:safari::::::::
apple	iphone_os	1.0	cpe:2.3:o:apple:iphone_os:1.0:::::::*
apple	iphone_os	1.0.1	cpe:2.3:o:apple:iphone_os:1.0.1:::::::*
apple	iphone_os	1.0.2	cpe:2.3:o:apple:iphone_os:1.0.2:::::::*
apple	iphone_os	1.1	cpe:2.3:o:apple:iphone_os:1.1:::::::*
apple	iphone_os	1.1.1	cpe:2.3:o:apple:iphone_os:1.1.1:::::::*
apple	iphone_os	1.1.2	cpe:2.3:o:apple:iphone_os:1.1.2:::::::*
apple	iphone_os	1.1.3	cpe:2.3:o:apple:iphone_os:1.1.3:::::::*

Rows per page:

1-10 of 161

References

lists.apple.com/archives/security-announce/2008/Nov/msg00002.html

lists.apple.com/archives/security-announce/2009/jun/msg00002.html

osvdb.org/50028

secunia.com/advisories/32756

secunia.com/advisories/35379

support.apple.com/kb/HT3318

support.apple.com/kb/HT3613

www.fortiguardcenter.com/advisory/FGA-2009-23.html

www.securityfocus.com/archive/1/504211/100/0/threaded

www.securityfocus.com/bid/32394

www.securitytracker.com/id?1021272

www.vupen.com/english/advisories/2008/3232

www.vupen.com/english/advisories/2009/1522

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

High

EPSS

0.072

Percentile

94.0%

JSON

Related for CVE-2008-4231