Описание
Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites.
Ссылки
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:h:apple:iphone:1.0:*:*:*:*:*:*:*
cpe:2.3:h:apple:iphone:1.1.3:*:*:*:*:*:*:*
cpe:2.3:h:apple:iphone:1.1.4:*:*:*:*:*:*:*
cpe:2.3:h:apple:iphone:1.02:*:*:*:*:*:*:*
cpe:2.3:h:apple:ipod_touch:1.1:*:*:*:*:*:*:*
cpe:2.3:h:apple:ipod_touch:1.1.1:*:*:*:*:*:*:*
cpe:2.3:h:apple:ipod_touch:1.1.2:*:*:*:*:*:*:*
cpe:2.3:h:apple:ipod_touch:1.1.3:*:*:*:*:*:*:*
cpe:2.3:h:apple:ipod_touch:1.1.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
EPSS
Процентиль: 49%
0.00256
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
почти 4 года назад
Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites.
EPSS
Процентиль: 49%
0.00256
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-20