Lucene search

AppleCVE-2010-1757

HistoryJun 22, 2010 - 8:30 p.m.

CVE-2010-1757

2010-06-2220:30:01

CWE-264

apple

web.nvd.nist.gov

cve-2010-1757

webkit

apple ios

boundary restrictions

ui spoofing

crafted html document

nvd

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

AI Score

7.2

Confidence

High

EPSS

0.012

Percentile

85.5%

JSON

WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document.

Affected configurations

Nvd

Node

appleiphone_osRange<4.0

AND

appleipod_touchMatch-

appleiphone_osMatch-

VendorProductVersionCPE
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
appleipod_touch-cpe:2.3:h:apple:ipod_touch:-:*:*:*:*:*:*:*
appleiphone_os-cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::
apple	ipod_touch	-	cpe:2.3:h:apple:ipod_touch:-:::::::*
apple	iphone_os	-	cpe:2.3:o:apple:iphone_os:-:::::::*

References

lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

lists.apple.com/archives/security-announce/2010/Jun/msg00003.html

lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

secunia.com/advisories/42314

secunia.com/advisories/43068

support.apple.com/kb/HT4225

support.apple.com/kb/HT4456

www.securityfocus.com/bid/41016

www.securityfocus.com/bid/41068

www.vupen.com/english/advisories/2011/0212

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

AI Score

7.2

Confidence

High

EPSS

0.012

Percentile

85.5%

JSON

Related for CVE-2010-1757