CVE-2009-1692

Sažetak

WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.

Reference

http://support.apple.com/kb/HT3639
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://www.vupen.com/english/advisories/2009/1621
http://www.securityfocus.com/bid/35414
http://osvdb.org/55242
http://www.securityfocus.com/bid/35446
https://bugs.webkit.org/show_bug.cgi?id=23319
http://www.g-sec.lu/one-bug-to-rule-them-all.html
http://www.debian.org/security/2009/dsa-1950
http://secunia.com/advisories/37746
http://secunia.com/advisories/43068
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://www.vupen.com/english/advisories/2011/0212
http://secunia.com/advisories/36977
http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#121
https://www.exploit-db.com/exploits/9160
http://www.securityfocus.com/archive/1/505006/100/0/threaded
http://www.securityfocus.com/archive/1/504989/100/0/threaded
http://www.securityfocus.com/archive/1/504988/100/0/threaded
http://www.securityfocus.com/archive/1/504969/100/0/threaded

CVSS

Base:	7.1
Impact:	6.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:N/A:C

Zadnje važnije ažuriranje

09-08-2022 - 13:48

Objavljeno

19-06-2009 - 16:30