Lucene search

[email protected]CVE-2011-1344

HistoryMar 10, 2011 - 8:55 p.m.

CVE-2011-1344

2011-03-1020:55:01

CWE-399

[email protected]

web.nvd.nist.gov

cve-2011-1344

webkit

apple safari

ios

remote code execution

pwn2own

cansecwest

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9 High

AI Score

Confidence

High

0.043 Low

EPSS

Percentile

92.4%

JSON

Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011.

Affected configurations

NVD

Node

applesafariRange≤5.0.4

applesafariMatch1.0

applesafariMatch1.0beta

applesafariMatch1.0beta2

applesafariMatch1.0.0

applesafariMatch1.0.0b1

applesafariMatch1.0.0b2

applesafariMatch1.0.1

applesafariMatch1.0.2

applesafariMatch1.0.3

applesafariMatch1.0.385.8

applesafariMatch1.0.385.8.1

applesafariMatch1.1

applesafariMatch1.1.0

applesafariMatch1.1.1

applesafariMatch1.2

applesafariMatch1.2.0

applesafariMatch1.2.1

applesafariMatch1.2.2

applesafariMatch1.2.3

applesafariMatch1.2.4

applesafariMatch1.2.5

applesafariMatch1.3

applesafariMatch1.3.0

applesafariMatch1.3.1

applesafariMatch1.3.2

applesafariMatch1.3.2312.5

applesafariMatch1.3.2312.6

applesafariMatch2

applesafariMatch2.0

applesafariMatch2.0.0

applesafariMatch2.0.1

applesafariMatch2.0.2

applesafariMatch2.0.3

applesafariMatch2.0.3417.8

applesafariMatch2.0.3417.9

applesafariMatch2.0.3417.9.2

applesafariMatch2.0.3417.9.3

applesafariMatch2.0.4

applesafariMatch3

applesafariMatch3.0

applesafariMatch3.0.0

applesafariMatch3.0.0b

applesafariMatch3.0.1

applesafariMatch3.0.1b

applesafariMatch3.0.2

applesafariMatch3.0.2b

applesafariMatch3.0.3

applesafariMatch3.0.3b

applesafariMatch3.0.4

applesafariMatch3.0.4b

applesafariMatch3.1.0

applesafariMatch3.1.0b

applesafariMatch3.1.1

applesafariMatch3.1.2

applesafariMatch3.2.0

applesafariMatch3.2.1

applesafariMatch3.2.2

applesafariMatch4.0

applesafariMatch4.0beta

applesafariMatch4.0.0b

applesafariMatch4.0.1

applesafariMatch4.0.2

applesafariMatch4.0.3

applesafariMatch4.0.4

applesafariMatch4.0.5

applesafariMatch4.1

applesafariMatch4.1.1

applesafariMatch4.1.2

applesafariMatch5.0

applesafariMatch5.0.1

applesafariMatch5.0.2

Node

appleiphone_osRange≤4.3.1

appleiphone_osMatch1.0.0

appleiphone_osMatch1.0.1

appleiphone_osMatch1.0.2

appleiphone_osMatch1.1.0

appleiphone_osMatch1.1.1

appleiphone_osMatch1.1.2

appleiphone_osMatch1.1.3

appleiphone_osMatch1.1.4

appleiphone_osMatch1.1.5

appleiphone_osMatch2.0

appleiphone_osMatch2.0.0

appleiphone_osMatch2.0.1

appleiphone_osMatch2.0.2

appleiphone_osMatch2.1

appleiphone_osMatch2.1.1

appleiphone_osMatch2.2

appleiphone_osMatch2.2.1

appleiphone_osMatch3.0

appleiphone_osMatch3.0.1

appleiphone_osMatch3.1

appleiphone_osMatch3.1.2

appleiphone_osMatch3.1.3

appleiphone_osMatch3.2

appleiphone_osMatch3.2.1

appleiphone_osMatch4.0

appleiphone_osMatch4.0.1

appleiphone_osMatch4.0.2

appleiphone_osMatch4.1

appleiphone_osMatch4.2

appleiphone_osMatch4.2.1

appleiphone_osMatch4.2.5

appleiphone_osMatch4.2.8

appleiphone_osMatch4.3.0

AND

appleipad

appleipod_touch

appleiphone_os

Node

appleiphone_osRange≤4.2.5

appleiphone_osMatch1.0.0

appleiphone_osMatch1.0.1

appleiphone_osMatch1.0.2

appleiphone_osMatch1.1.0

appleiphone_osMatch1.1.1

appleiphone_osMatch1.1.2

appleiphone_osMatch1.1.3

appleiphone_osMatch1.1.4

appleiphone_osMatch1.1.5

appleiphone_osMatch2.0

appleiphone_osMatch2.0.0

appleiphone_osMatch2.0.1

appleiphone_osMatch2.0.2

appleiphone_osMatch2.1

appleiphone_osMatch2.1.1

appleiphone_osMatch2.2

appleiphone_osMatch2.2.1

appleiphone_osMatch3.0

appleiphone_osMatch3.0.1

appleiphone_osMatch3.1

appleiphone_osMatch3.1.2

appleiphone_osMatch3.1.3

appleiphone_osMatch3.2

appleiphone_osMatch3.2.1

appleiphone_osMatch3.2.2

appleiphone_osMatch4.0

appleiphone_osMatch4.0.1

appleiphone_osMatch4.0.2

appleiphone_osMatch4.1

appleiphone_osMatch4.2

appleiphone_osMatch4.2.1

AND

appleiphoneMatch4

CPENameOperatorVersion
apple:safariapple safarile5.0.4
apple:safariapple safarieq1.0
apple:safariapple safarieq1.0.0
apple:safariapple safarieq1.0.0b1
apple:safariapple safarieq1.0.0b2
apple:safariapple safarieq1.0.1
apple:safariapple safarieq1.0.2
apple:safariapple safarieq1.0.3
apple:safariapple safarieq1.1
apple:safariapple safarieq1.1.0

CPE	Name	Operator	Version
apple:safari	apple safari	le	5.0.4
apple:safari	apple safari	eq	1.0
apple:safari	apple safari	eq	1.0.0
apple:safari	apple safari	eq	1.0.0b1
apple:safari	apple safari	eq	1.0.0b2
apple:safari	apple safari	eq	1.0.1
apple:safari	apple safari	eq	1.0.2
apple:safari	apple safari	eq	1.0.3
apple:safari	apple safari	eq	1.1
apple:safari	apple safari	eq	1.1.0