Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2011-AVI-567
Vulnerability from certfr_avis - Published: 2011-10-13 - Updated: 2011-10-13
De nombreuses vulnérabilités ont été corrigées dans Apple iOS pour iPhone, iPad et iPod touch dont certaines permettent une exécution de code arbitraire à distance.
Description
De nombreuses vulnérabilités ont été corrigées dans Apple iOS pour iPhone, iPad et iPod touch. Certaines permettent à une personne malintentionnée d'exécuter du code arbitraire à distance ou de récupérer le mot de passe du compte «Apple ID» utilisé. Les composants suivants ont été mise à jour :
- CalDAV ;
- Calendar ;
- CFNetwork ;
- CoreFoundation ;
- CoreGraphics ;
- CoreMedia ;
- ImageIO ;
- International Components for Unicode ;
- Kernel ;
- Keyboards ;
- libxml ;
- OfficeImport ;
- Safari ;
- Settings ;
- UIKit ;
- WebKit ;
- WiFi.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iPod touch avec iOS versions 4.3.5 et ant\u00e9rieures.",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPhone 4 et 3GS avec iOS versions 4.3.5 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPad avec iOS versions 4.3.5 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Apple iOS pour\niPhone, iPad et iPod touch. Certaines permettent \u00e0 une personne\nmalintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance ou de r\u00e9cup\u00e9rer\nle mot de passe du compte \u00abApple ID\u00bb utilis\u00e9. Les composants suivants\nont \u00e9t\u00e9 mise \u00e0 jour\u00a0:\n\n- CalDAV\u00a0;\n- Calendar\u00a0;\n- CFNetwork\u00a0;\n- CoreFoundation\u00a0;\n- CoreGraphics\u00a0;\n- CoreMedia\u00a0;\n- ImageIO\u00a0;\n- International Components for Unicode\u00a0;\n- Kernel\u00a0;\n- Keyboards\u00a0;\n- libxml\u00a0;\n- OfficeImport\u00a0;\n- Safari\u00a0;\n- Settings\u00a0;\n- UIKit\u00a0;\n- WebKit\u00a0;\n- WiFi.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-1204",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1204"
},
{
"name": "CVE-2011-1117",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1117"
},
{
"name": "CVE-2011-0187",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0187"
},
{
"name": "CVE-2011-0983",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0983"
},
{
"name": "CVE-2011-0259",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0259"
},
{
"name": "CVE-2011-2814",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2814"
},
{
"name": "CVE-2011-0208",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0208"
},
{
"name": "CVE-2011-0192",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0192"
},
{
"name": "CVE-2011-2823",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2823"
},
{
"name": "CVE-2011-2813",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2813"
},
{
"name": "CVE-2011-2359",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2359"
},
{
"name": "CVE-2011-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
},
{
"name": "CVE-2011-2788",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2788"
},
{
"name": "CVE-2011-1774",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1774"
},
{
"name": "CVE-2011-2819",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2819"
},
{
"name": "CVE-2011-2799",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2799"
},
{
"name": "CVE-2011-2341",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2341"
},
{
"name": "CVE-2011-0255",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0255"
},
{
"name": "CVE-2011-1190",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1190"
},
{
"name": "CVE-2011-3256",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3256"
},
{
"name": "CVE-2011-1188",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1188"
},
{
"name": "CVE-2011-0233",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0233"
},
{
"name": "CVE-2011-1115",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1115"
},
{
"name": "CVE-2011-1296",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1296"
},
{
"name": "CVE-2011-2351",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2351"
},
{
"name": "CVE-2011-2827",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2827"
},
{
"name": "CVE-2011-3432",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3432"
},
{
"name": "CVE-2011-0981",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0981"
},
{
"name": "CVE-2011-3254",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3254"
},
{
"name": "CVE-2011-0254",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0254"
},
{
"name": "CVE-2011-2831",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2831"
},
{
"name": "CVE-2011-0238",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0238"
},
{
"name": "CVE-2011-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2800"
},
{
"name": "CVE-2011-1295",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1295"
},
{
"name": "CVE-2011-3434",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3434"
},
{
"name": "CVE-2011-0222",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0222"
},
{
"name": "CVE-2011-1121",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1121"
},
{
"name": "CVE-2011-1797",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1797"
},
{
"name": "CVE-2011-2817",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2817"
},
{
"name": "CVE-2011-0206",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0206"
},
{
"name": "CVE-2011-1451",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1451"
},
{
"name": "CVE-2011-2790",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2790"
},
{
"name": "CVE-2011-3243",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3243"
},
{
"name": "CVE-2011-3235",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3235"
},
{
"name": "CVE-2011-3237",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3237"
},
{
"name": "CVE-2011-3255",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3255"
},
{
"name": "CVE-2011-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2805"
},
{
"name": "CVE-2011-0232",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0232"
},
{
"name": "CVE-2011-2356",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2356"
},
{
"name": "CVE-2011-3246",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3246"
},
{
"name": "CVE-2011-2797",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2797"
},
{
"name": "CVE-2011-2339",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2339"
},
{
"name": "CVE-2011-1288",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1288"
},
{
"name": "CVE-2011-1132",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1132"
},
{
"name": "CVE-2011-0241",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0241"
},
{
"name": "CVE-2011-1203",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1203"
},
{
"name": "CVE-2011-3245",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3245"
},
{
"name": "CVE-2011-0242",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0242"
},
{
"name": "CVE-2011-2809",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2809"
},
{
"name": "CVE-2011-3261",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3261"
},
{
"name": "CVE-2011-1293",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1293"
},
{
"name": "CVE-2011-3234",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3234"
},
{
"name": "CVE-2011-2338",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2338"
},
{
"name": "CVE-2011-3429",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3429"
},
{
"name": "CVE-2011-0184",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0184"
},
{
"name": "CVE-2011-3431",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3431"
},
{
"name": "CVE-2011-2792",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2792"
},
{
"name": "CVE-2011-0234",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0234"
},
{
"name": "CVE-2011-1449",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1449"
},
{
"name": "CVE-2011-3430",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3430"
},
{
"name": "CVE-2011-3259",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3259"
},
{
"name": "CVE-2011-2818",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2818"
},
{
"name": "CVE-2011-1457",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1457"
},
{
"name": "CVE-2011-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0235"
},
{
"name": "CVE-2011-0225",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0225"
},
{
"name": "CVE-2011-3236",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3236"
},
{
"name": "CVE-2011-1114",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1114"
},
{
"name": "CVE-2011-3427",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3427"
},
{
"name": "CVE-2011-0166",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0166"
},
{
"name": "CVE-2011-2820",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2820"
},
{
"name": "CVE-2011-1109",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1109"
},
{
"name": "CVE-2011-0221",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0221"
},
{
"name": "CVE-2011-2354",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2354"
},
{
"name": "CVE-2011-2816",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2816"
},
{
"name": "CVE-2011-2352",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2352"
},
{
"name": "CVE-2011-1462",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1462"
},
{
"name": "CVE-2011-1453",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1453"
},
{
"name": "CVE-2011-0218",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0218"
},
{
"name": "CVE-2011-3257",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3257"
},
{
"name": "CVE-2011-3244",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3244"
},
{
"name": "CVE-2011-1107",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1107"
},
{
"name": "CVE-2011-3389",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3389"
},
{
"name": "CVE-2011-3426",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3426"
},
{
"name": "CVE-2011-3260",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3260"
},
{
"name": "CVE-2011-3232",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3232"
},
{
"name": "CVE-2011-3253",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3253"
}
],
"initial_release_date": "2011-10-13T00:00:00",
"last_revision_date": "2011-10-13T00:00:00",
"links": [],
"reference": "CERTA-2011-AVI-567",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-10-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Apple iOS pour\niPhone, iPad et iPod touch dont certaines permettent une ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans Apple iOS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT4999 du 12 octobre 2011",
"url": "http://support.apple.com/kb/HT4999"
}
]
}
CVE-2011-3253 (GCVE-0-2011-3253)
Vulnerability from cvelistv5 – Published: 2011-10-14 10:00 – Updated: 2024-09-16 20:07
VLAI
EPSS
Summary
CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://lists.apple.com/archives/Security-announce… | vendor-advisoryx_refsource_APPLE |
| http://support.apple.com/kb/HT4999 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2011-10-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4999"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-10-14T10:00:00.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2011-10-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4999"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-3253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2011-3253",
"datePublished": "2011-10-14T10:00:00.000Z",
"dateReserved": "2011-08-19T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:07:09.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3254 (GCVE-0-2011-3254)
Vulnerability from cvelistv5 – Published: 2011-10-14 10:00 – Updated: 2024-09-17 01:26
VLAI
EPSS
Summary
Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://lists.apple.com/archives/Security-announce… | vendor-advisoryx_refsource_APPLE |
| http://support.apple.com/kb/HT4999 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2011-10-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4999"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-10-14T10:00:00.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2011-10-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4999"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-3254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2011-3254",
"datePublished": "2011-10-14T10:00:00.000Z",
"dateReserved": "2011-08-19T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:26:04.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3255 (GCVE-0-2011-3255)
Vulnerability from cvelistv5 – Published: 2011-10-14 10:00 – Updated: 2024-08-06 23:29
VLAI
EPSS
Summary
CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://lists.apple.com/archives/Security-announce… | vendor-advisoryx_refsource_APPLE |
| http://support.apple.com/kb/HT4999 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2011-10-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2011-10-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "appleios-appleid-info-disc(70550)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70550"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2011-10-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "appleios-appleid-info-disc(70550)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70550"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-3255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "appleios-appleid-info-disc(70550)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70550"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2011-3255",
"datePublished": "2011-10-14T10:00:00.000Z",
"dateReserved": "2011-08-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:29:56.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3256 (GCVE-0-2011-3256)
Vulnerability from cvelistv5 – Published: 2011-10-14 10:00 – Updated: 2024-08-06 23:29
VLAI
EPSS
Summary
FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2011-10-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/projects/freetype/files/freetype2/2.4.7/README/view"
},
{
"name": "openSUSE-SU-2012:0015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5130"
},
{
"name": "SUSE-SU-2011:1307",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00008.html"
},
{
"name": "APPLE-SA-2011-10-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "openSUSE-SU-2012:0047",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00012.html"
},
{
"name": "APPLE-SA-2012-02-01-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"name": "appleios-freetype-code-exec(70552)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70552"
},
{
"name": "DSA-2328",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2328"
},
{
"name": "50155",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/50155"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "FEDORA-2011-14749",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069100.html"
},
{
"name": "MDVSA-2011:157",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:157"
},
{
"name": "48951",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48951"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/projects/freetype/files/freetype2/2.4.7/README/view"
},
{
"name": "openSUSE-SU-2012:0015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5130"
},
{
"name": "SUSE-SU-2011:1307",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00008.html"
},
{
"name": "APPLE-SA-2011-10-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "openSUSE-SU-2012:0047",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00012.html"
},
{
"name": "APPLE-SA-2012-02-01-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"name": "appleios-freetype-code-exec(70552)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70552"
},
{
"name": "DSA-2328",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2328"
},
{
"name": "50155",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/50155"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "FEDORA-2011-14749",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069100.html"
},
{
"name": "MDVSA-2011:157",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:157"
},
{
"name": "48951",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48951"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-3256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/projects/freetype/files/freetype2/2.4.7/README/view",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/projects/freetype/files/freetype2/2.4.7/README/view"
},
{
"name": "openSUSE-SU-2012:0015",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00003.html"
},
{
"name": "http://support.apple.com/kb/HT5130",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5130"
},
{
"name": "SUSE-SU-2011:1307",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00008.html"
},
{
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "openSUSE-SU-2012:0047",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00012.html"
},
{
"name": "APPLE-SA-2012-02-01-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"name": "appleios-freetype-code-exec(70552)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70552"
},
{
"name": "DSA-2328",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2328"
},
{
"name": "50155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50155"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "FEDORA-2011-14749",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069100.html"
},
{
"name": "MDVSA-2011:157",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:157"
},
{
"name": "48951",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48951"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2011-3256",
"datePublished": "2011-10-14T10:00:00.000Z",
"dateReserved": "2011-08-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:29:56.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3257 (GCVE-0-2011-3257)
Vulnerability from cvelistv5 – Published: 2011-10-14 10:00 – Updated: 2024-08-06 23:29
VLAI
EPSS
Summary
The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging a different account's cookie.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://lists.apple.com/archives/Security-announce… | vendor-advisoryx_refsource_APPLE |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://support.apple.com/kb/HT4999 | x_refsource_CONFIRM |
| http://osvdb.org/76325 | vdb-entryx_refsource_OSVDB |
Date Public
2011-10-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2011-10-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "appleios-data-access-info-disc(70553)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70553"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "76325",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/76325"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging a different account\u0027s cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2011-10-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "appleios-data-access-info-disc(70553)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70553"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "76325",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/76325"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-3257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging a different account\u0027s cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "appleios-data-access-info-disc(70553)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70553"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "76325",
"refsource": "OSVDB",
"url": "http://osvdb.org/76325"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2011-3257",
"datePublished": "2011-10-14T10:00:00.000Z",
"dateReserved": "2011-08-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:29:56.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3259 (GCVE-0-2011-3259)
Vulnerability from cvelistv5 – Published: 2011-10-14 10:00 – Updated: 2024-08-06 23:29
VLAI
EPSS
Summary
The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many connection attempts.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://lists.apple.com/archives/Security-announce… | vendor-advisoryx_refsource_APPLE |
| http://support.apple.com/kb/HT4999 | x_refsource_CONFIRM |
| http://support.apple.com/kb/HT5001 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/50087 | vdb-entryx_refsource_BID |
| http://lists.apple.com/archives/Security-announce… | vendor-advisoryx_refsource_APPLE |
Date Public
2011-10-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "appleios-tcp-dos(70530)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70530"
},
{
"name": "APPLE-SA-2011-10-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4999"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5001"
},
{
"name": "50087",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/50087"
},
{
"name": "APPLE-SA-2011-10-12-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many connection attempts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "appleios-tcp-dos(70530)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70530"
},
{
"name": "APPLE-SA-2011-10-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4999"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5001"
},
{
"name": "50087",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/50087"
},
{
"name": "APPLE-SA-2011-10-12-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-3259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many connection attempts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "appleios-tcp-dos(70530)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70530"
},
{
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "http://support.apple.com/kb/HT5001",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5001"
},
{
"name": "50087",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50087"
},
{
"name": "APPLE-SA-2011-10-12-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2011-3259",
"datePublished": "2011-10-14T10:00:00.000Z",
"dateReserved": "2011-08-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:29:56.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3260 (GCVE-0-2011-3260)
Vulnerability from cvelistv5 – Published: 2011-10-14 10:00 – Updated: 2024-08-06 23:29
VLAI
EPSS
Summary
Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://lists.apple.com/archives/Security-announce… | vendor-advisoryx_refsource_APPLE |
| http://support.apple.com/kb/HT4999 | x_refsource_CONFIRM |
Date Public
2011-10-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "appleios-officeimport-bo(70556)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70556"
},
{
"name": "APPLE-SA-2011-10-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4999"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "appleios-officeimport-bo(70556)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70556"
},
{
"name": "APPLE-SA-2011-10-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4999"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-3260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "appleios-officeimport-bo(70556)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70556"
},
{
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2011-3260",
"datePublished": "2011-10-14T10:00:00.000Z",
"dateReserved": "2011-08-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:29:56.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3261 (GCVE-0-2011-3261)
Vulnerability from cvelistv5 – Published: 2011-10-14 10:00 – Updated: 2024-08-06 23:29
VLAI
EPSS
Summary
Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://lists.apple.com/archives/Security-announce… | vendor-advisoryx_refsource_APPLE |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://support.apple.com/kb/HT4999 | x_refsource_CONFIRM |
Date Public
2011-10-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2011-10-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "appleios-officeimport-code-exec(70557)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70557"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4999"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2011-10-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "appleios-officeimport-code-exec(70557)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70557"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4999"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-3261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "appleios-officeimport-code-exec(70557)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70557"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2011-3261",
"datePublished": "2011-10-14T10:00:00.000Z",
"dateReserved": "2011-08-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:29:56.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3389 (GCVE-0-2011-3389)
Vulnerability from cvelistv5 – Published: 2011-09-06 19:00 – Updated: 2024-08-06 23:29
VLAI
EPSS
Summary
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
94 references
Date Public
2004-05-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "74829",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/74829"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://eprint.iacr.org/2004/111"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635"
},
{
"name": "GLSA-201406-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "48692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48692"
},
{
"name": "HPSBMU02799",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf"
},
{
"name": "SSRT100805",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"name": "55322",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55322"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5130"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506"
},
{
"name": "HPSBUX02730",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"name": "SUSE-SU-2012:0602",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html"
},
{
"name": "1025997",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025997"
},
{
"name": "TA12-010A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-010A.html"
},
{
"name": "APPLE-SA-2011-10-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "SUSE-SU-2012:0114",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html"
},
{
"name": "49388",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49388"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ekoparty.org/2011/juliano-rizzo.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail"
},
{
"name": "RHSA-2013:1455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "55351",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55351"
},
{
"name": "SSRT100710",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"name": "VU#864643",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/864643"
},
{
"name": "APPLE-SA-2013-10-22-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "49778",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49778"
},
{
"name": "DSA-2398",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2398"
},
{
"name": "48948",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48948"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT6150"
},
{
"name": "APPLE-SA-2012-02-01-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://technet.microsoft.com/security/advisory/2588513"
},
{
"name": "openSUSE-SU-2012:0063",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/13155432"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx"
},
{
"name": "RHSA-2011:1384",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1384.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/windows/1151/"
},
{
"name": "openSUSE-SU-2012:0030",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/13154861"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://eprint.iacr.org/2006/136"
},
{
"name": "48915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48915"
},
{
"name": "GLSA-201203-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
},
{
"name": "SSRT100740",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html"
},
{
"name": "48256",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48256"
},
{
"name": "APPLE-SA-2012-09-19-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"name": "1026103",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026103"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4999"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5501"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.insecure.cl/Beast-SSL.rar"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5001"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/mac/1160/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://curl.haxx.se/docs/adv_20120124B.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/support/kb/view/1004/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html"
},
{
"name": "1026704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026704"
},
{
"name": "APPLE-SA-2012-07-25-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html"
},
{
"name": "HPSBMU02742",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue"
},
{
"name": "RHSA-2012:0508",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0508.html"
},
{
"name": "45791",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45791"
},
{
"name": "1029190",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029190"
},
{
"name": "MDVSA-2012:058",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058"
},
{
"name": "47998",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47998"
},
{
"name": "SSRT100867",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"name": "49198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49198"
},
{
"name": "RHSA-2012:0006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2012-0006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/windows/1160/"
},
{
"name": "SUSE-SU-2012:0122",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html"
},
{
"name": "HPSBUX02777",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:14752",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/unix/1151/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/mac/1151/"
},
{
"name": "MS12-006",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006"
},
{
"name": "HPSBUX02760",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/unix/1160/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5281"
},
{
"name": "SSRT100854",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"name": "APPLE-SA-2011-10-12-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=719047"
},
{
"name": "HPSBMU02900",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://vnhacker.blogspot.com/2011/09/beast.html"
},
{
"name": "USN-1263-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1263-1"
},
{
"name": "APPLE-SA-2012-05-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
},
{
"name": "55350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55350"
},
{
"name": "HPSBMU02797",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
},
{
"name": "openSUSE-SU-2020:0086",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T21:06:36.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "74829",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/74829"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://eprint.iacr.org/2004/111"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635"
},
{
"name": "GLSA-201406-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "48692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48692"
},
{
"name": "HPSBMU02799",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf"
},
{
"name": "SSRT100805",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"name": "55322",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55322"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5130"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506"
},
{
"name": "HPSBUX02730",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"name": "SUSE-SU-2012:0602",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html"
},
{
"name": "1025997",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025997"
},
{
"name": "TA12-010A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-010A.html"
},
{
"name": "APPLE-SA-2011-10-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "SUSE-SU-2012:0114",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html"
},
{
"name": "49388",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49388"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ekoparty.org/2011/juliano-rizzo.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail"
},
{
"name": "RHSA-2013:1455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "55351",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55351"
},
{
"name": "SSRT100710",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"name": "VU#864643",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/864643"
},
{
"name": "APPLE-SA-2013-10-22-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "49778",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49778"
},
{
"name": "DSA-2398",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2398"
},
{
"name": "48948",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48948"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT6150"
},
{
"name": "APPLE-SA-2012-02-01-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://technet.microsoft.com/security/advisory/2588513"
},
{
"name": "openSUSE-SU-2012:0063",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/13155432"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx"
},
{
"name": "RHSA-2011:1384",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1384.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/windows/1151/"
},
{
"name": "openSUSE-SU-2012:0030",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/13154861"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://eprint.iacr.org/2006/136"
},
{
"name": "48915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48915"
},
{
"name": "GLSA-201203-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
},
{
"name": "SSRT100740",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html"
},
{
"name": "48256",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48256"
},
{
"name": "APPLE-SA-2012-09-19-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"name": "1026103",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026103"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4999"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5501"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.insecure.cl/Beast-SSL.rar"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5001"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/mac/1160/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://curl.haxx.se/docs/adv_20120124B.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/support/kb/view/1004/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html"
},
{
"name": "1026704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026704"
},
{
"name": "APPLE-SA-2012-07-25-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html"
},
{
"name": "HPSBMU02742",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue"
},
{
"name": "RHSA-2012:0508",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0508.html"
},
{
"name": "45791",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45791"
},
{
"name": "1029190",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029190"
},
{
"name": "MDVSA-2012:058",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058"
},
{
"name": "47998",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47998"
},
{
"name": "SSRT100867",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"name": "49198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49198"
},
{
"name": "RHSA-2012:0006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2012-0006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/windows/1160/"
},
{
"name": "SUSE-SU-2012:0122",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html"
},
{
"name": "HPSBUX02777",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:14752",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/unix/1151/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/mac/1151/"
},
{
"name": "MS12-006",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006"
},
{
"name": "HPSBUX02760",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/unix/1160/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5281"
},
{
"name": "SSRT100854",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"name": "APPLE-SA-2011-10-12-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=719047"
},
{
"name": "HPSBMU02900",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://vnhacker.blogspot.com/2011/09/beast.html"
},
{
"name": "USN-1263-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1263-1"
},
{
"name": "APPLE-SA-2012-05-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
},
{
"name": "55350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55350"
},
{
"name": "HPSBMU02797",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
},
{
"name": "openSUSE-SU-2020:0086",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74829",
"refsource": "OSVDB",
"url": "http://osvdb.org/74829"
},
{
"name": "http://eprint.iacr.org/2004/111",
"refsource": "MISC",
"url": "http://eprint.iacr.org/2004/111"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635",
"refsource": "MISC",
"url": "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635"
},
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "48692",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48692"
},
{
"name": "HPSBMU02799",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"name": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf",
"refsource": "CONFIRM",
"url": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf"
},
{
"name": "SSRT100805",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"name": "55322",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55322"
},
{
"name": "http://support.apple.com/kb/HT5130",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5130"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=737506",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506"
},
{
"name": "HPSBUX02730",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"name": "SUSE-SU-2012:0602",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html"
},
{
"name": "1025997",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025997"
},
{
"name": "TA12-010A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-010A.html"
},
{
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "SUSE-SU-2012:0114",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html"
},
{
"name": "49388",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49388"
},
{
"name": "http://ekoparty.org/2011/juliano-rizzo.php",
"refsource": "MISC",
"url": "http://ekoparty.org/2011/juliano-rizzo.php"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2016-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-001.html"
},
{
"name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail",
"refsource": "CONFIRM",
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail"
},
{
"name": "RHSA-2013:1455",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "55351",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55351"
},
{
"name": "SSRT100710",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"name": "VU#864643",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/864643"
},
{
"name": "APPLE-SA-2013-10-22-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "49778",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49778"
},
{
"name": "DSA-2398",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2398"
},
{
"name": "48948",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48948"
},
{
"name": "http://support.apple.com/kb/HT6150",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6150"
},
{
"name": "APPLE-SA-2012-02-01-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"name": "http://technet.microsoft.com/security/advisory/2588513",
"refsource": "CONFIRM",
"url": "http://technet.microsoft.com/security/advisory/2588513"
},
{
"name": "openSUSE-SU-2012:0063",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/13155432"
},
{
"name": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx"
},
{
"name": "RHSA-2011:1384",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1384.html"
},
{
"name": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/1151/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1151/"
},
{
"name": "openSUSE-SU-2012:0030",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/13154861"
},
{
"name": "http://eprint.iacr.org/2006/136",
"refsource": "MISC",
"url": "http://eprint.iacr.org/2006/136"
},
{
"name": "48915",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48915"
},
{
"name": "GLSA-201203-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
},
{
"name": "SSRT100740",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"name": "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html",
"refsource": "MISC",
"url": "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html"
},
{
"name": "48256",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48256"
},
{
"name": "APPLE-SA-2012-09-19-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"name": "1026103",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026103"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html",
"refsource": "CONFIRM",
"url": "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html"
},
{
"name": "http://support.apple.com/kb/HT5501",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5501"
},
{
"name": "http://www.insecure.cl/Beast-SSL.rar",
"refsource": "MISC",
"url": "http://www.insecure.cl/Beast-SSL.rar"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"name": "http://support.apple.com/kb/HT5001",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5001"
},
{
"name": "http://www.opera.com/docs/changelogs/mac/1160/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1160/"
},
{
"name": "http://curl.haxx.se/docs/adv_20120124B.html",
"refsource": "CONFIRM",
"url": "http://curl.haxx.se/docs/adv_20120124B.html"
},
{
"name": "http://www.opera.com/support/kb/view/1004/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/kb/view/1004/"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html"
},
{
"name": "1026704",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026704"
},
{
"name": "APPLE-SA-2012-07-25-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html"
},
{
"name": "HPSBMU02742",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"name": "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue",
"refsource": "CONFIRM",
"url": "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue"
},
{
"name": "RHSA-2012:0508",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0508.html"
},
{
"name": "45791",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45791"
},
{
"name": "1029190",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029190"
},
{
"name": "MDVSA-2012:058",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058"
},
{
"name": "47998",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47998"
},
{
"name": "SSRT100867",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"name": "49198",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49198"
},
{
"name": "RHSA-2012:0006",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2012-0006.html"
},
{
"name": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/",
"refsource": "CONFIRM",
"url": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/1160/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1160/"
},
{
"name": "SUSE-SU-2012:0122",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html"
},
{
"name": "HPSBUX02777",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:14752",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752"
},
{
"name": "http://www.opera.com/docs/changelogs/unix/1151/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unix/1151/"
},
{
"name": "http://www.opera.com/docs/changelogs/mac/1151/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1151/"
},
{
"name": "MS12-006",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006"
},
{
"name": "HPSBUX02760",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"name": "http://www.opera.com/docs/changelogs/unix/1160/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unix/1160/"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html"
},
{
"name": "http://support.apple.com/kb/HT5281",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5281"
},
{
"name": "SSRT100854",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"name": "APPLE-SA-2011-10-12-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=719047",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=719047"
},
{
"name": "HPSBMU02900",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name": "http://vnhacker.blogspot.com/2011/09/beast.html",
"refsource": "MISC",
"url": "http://vnhacker.blogspot.com/2011/09/beast.html"
},
{
"name": "USN-1263-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1263-1"
},
{
"name": "APPLE-SA-2012-05-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
},
{
"name": "55350",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55350"
},
{
"name": "HPSBMU02797",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"name": "http://www.ibm.com/developerworks/java/jdk/alerts/",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
},
{
"name": "openSUSE-SU-2020:0086",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3389",
"datePublished": "2011-09-06T19:00:00.000Z",
"dateReserved": "2011-09-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:29:56.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3426 (GCVE-0-2011-3426)
Vulnerability from cvelistv5 – Published: 2011-10-14 10:00 – Updated: 2024-08-06 23:37
VLAI
EPSS
Summary
Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://lists.apple.com/archives/Security-announce… | vendor-advisoryx_refsource_APPLE |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://support.apple.com/kb/HT4999 | x_refsource_CONFIRM |
| http://osvdb.org/76334 | vdb-entryx_refsource_OSVDB |
| http://support.apple.com/kb/HT5400 | x_refsource_CONFIRM |
| http://seclists.org/fulldisclosure/2014/Jul/158 | mailing-listx_refsource_FULLDISC |
| http://jvndb.jvn.jp/jvndb/JVNDB-2011-000088 | third-party-advisoryx_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN41657660/index.html | third-party-advisoryx_refsource_JVN |
Date Public
2011-10-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "appleios-attachment-xss(70558)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70558"
},
{
"name": "APPLE-SA-2011-10-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "APPLE-SA-2012-07-25-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "76334",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/76334"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5400"
},
{
"name": "20140730 Re: Bypassing Content-Disposition: attachment for XSS on Chrome/Safari(IOS 6.x)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/158"
},
{
"name": "JVNDB-2011-000088",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000088"
},
{
"name": "JVN#41657660",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN41657660/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a \"Content-Disposition: attachment\" HTTP header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "appleios-attachment-xss(70558)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70558"
},
{
"name": "APPLE-SA-2011-10-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "APPLE-SA-2012-07-25-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "76334",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/76334"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5400"
},
{
"name": "20140730 Re: Bypassing Content-Disposition: attachment for XSS on Chrome/Safari(IOS 6.x)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Jul/158"
},
{
"name": "JVNDB-2011-000088",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000088"
},
{
"name": "JVN#41657660",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN41657660/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-3426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a \"Content-Disposition: attachment\" HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "appleios-attachment-xss(70558)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70558"
},
{
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "APPLE-SA-2012-07-25-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "76334",
"refsource": "OSVDB",
"url": "http://osvdb.org/76334"
},
{
"name": "http://support.apple.com/kb/HT5400",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5400"
},
{
"name": "20140730 Re: Bypassing Content-Disposition: attachment for XSS on Chrome/Safari(IOS 6.x)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/158"
},
{
"name": "JVNDB-2011-000088",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000088"
},
{
"name": "JVN#41657660",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN41657660/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2011-3426",
"datePublished": "2011-10-14T10:00:00.000Z",
"dateReserved": "2011-09-13T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:37:47.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…