VAR-201108-0032

Vulnerability from variot - Updated: 2025-04-11 23:20

The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain. Apple has released an update for iOS. Content communicated over SSL/TLS may be intercepted or tampered with by a third party. Apple iOS is prone to a security vulnerability that may allow attackers to capture or modify data. Successful exploits will allow attackers to gain access to sensitive information or send misleading information to a victim user. Other attacks are also possible. Apple iOS is an operating system developed by Apple for mobile devices.

TITLE: Apple iOS "basicConstraints" X.509 Certificate Chain Validation Vulnerability

SECUNIA ADVISORY ID: SA45369

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45369/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45369

RELEASE DATE: 2011-07-27

DESCRIPTION: A vulnerability has been reported in Apple iOS, which can be exploited by malicious people to conduct spoofing attacks. This can be exploited to spoof certificates of arbitrary domains and disclose encrypted information e.g. using a Man-in-the-Middle (MitM) attack.

PROVIDED AND/OR DISCOVERED BY: Paul Kehrer, Trustwave's SpiderLabs.

The vendor also credits Gregor Kopf, Recurity Labs on behalf of BSI.

ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4824 http://support.apple.com/kb/HT4825

Trustwave: https://www.trustwave.com/spiderlabs/advisories/TWSL2011-007.txt

Trustwave's SpiderLabs Security Advisory TWSL2011-007: iOS SSL Implementation Does Not Validate Certificate Chain

https://www.trustwave.com/spiderlabs/advisories/TWSL2011-007.txt

Published: 2011-07-25
Version: 1.0

Vendor: Apple (http://www.apple.com)
Product: iOS
Version affected: Versions Prior to 5.0b4, 4.3.5, and 4.2.10

Product description: iOS is Apple's mobile operating system for the iPhone, iPod Touch, and iPad hardware platforms.

By signing a new certificate using a legitimate end entity certificate, an attacker can obtain a "valid" certificate for any domain. For example:

-TrustedCA
--somedomain.com (legitimate certificate)
---api.someotherdomain.com (signed by somedomain.com)

Using this technique any SSL traffic using the api.someotherdomain.com certificate can be intercepted and decrypted by the issuer. No notification of the invalid nature of the certificate is presented to the iOS user. This method allows for transparent man-in-the-middle attacks against encrypted iOS communications.

Remediation Steps: Users should update to the latest version of iOS in order to address this issue. This vulnerability has been corrected in versions 5.0b4, 4.3.5, and 4.2.10.

Revision History:
07/15/11 - Vulnerability Disclosed
07/25/11 - Patch Released
07/25/11 - Advisory Published

References:
1. http://support.apple.com/kb/HT4824
2. http://support.apple.com/kb/HT4825

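The chain in the Trustwave advisory above (TrustedCA, somedomain.com, api.someotherdomain.com) run through a path check with and without the basicConstraints test. This is an added example, not code from the advisory, from Apple or from iOS. It assumes a simplified model: certificates are plain records, a "signature" is only the issuer's key id, and every name, key id and function here is hypothetical. It goes slightly beyond the advisory by also enforcing pathLenConstraint, which is part of the same extension.

```python
"""Toy model of X.509 path checking that isolates the basicConstraints test.

No real cryptography: a certificate is a record and "signed_by" holds the key
id of the issuer that signed it. All values below are constructed samples.
"""
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass(frozen=True)
class Cert:
    subject: str
    key_id: str                      # stands in for the subject public key
    issuer: str
    signed_by: str                   # key id that "signed" this certificate
    is_ca: bool = False              # basicConstraints cA (absent means False)
    path_len: Optional[int] = None   # basicConstraints pathLenConstraint


def check_chain(chain: List[Cert], anchors: Set[str], hostname: str,
                enforce_basic_constraints: bool = True) -> List[str]:
    """Return a list of problems; an empty list means the chain is accepted.

    `chain` is ordered leaf first, trust anchor last.
    """
    if not chain:
        return ["empty chain"]
    problems = []
    if chain[0].subject != hostname:
        problems.append(f"leaf is for {chain[0].subject}, not {hostname}")
    # Name chaining and (modelled) signature linkage between neighbours.
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject or child.signed_by != parent.key_id:
            problems.append(f"{child.subject}: not issued by {parent.subject}")
    if chain[-1].key_id not in anchors:
        problems.append(f"{chain[-1].subject}: not a trust anchor")
    # The step the affected iOS versions skipped: every certificate used as
    # an issuer must itself be a CA, within its path length limit.
    if enforce_basic_constraints:
        for depth, issuer in enumerate(chain[1:], start=1):
            below = depth - 1  # intermediates between this issuer and the leaf
            if not issuer.is_ca:
                problems.append(f"{issuer.subject}: used as issuer but "
                                "basicConstraints cA is absent or FALSE")
            elif issuer.path_len is not None and below > issuer.path_len:
                problems.append(f"{issuer.subject}: pathLenConstraint "
                                f"{issuer.path_len} exceeded")
    return problems


# Constructed sample certificates.
ANCHORS = {"k-root"}
ROOT = Cert("TrustedCA", "k-root", "TrustedCA", "k-root", is_ca=True)

# The advisory's chain: an end-entity certificate acting as an issuer.
SITE = Cert("somedomain.com", "k-site", "TrustedCA", "k-root")
SPOOFED = Cert("api.someotherdomain.com", "k-x", "somedomain.com", "k-site")
ADVISORY_CHAIN = [SPOOFED, SITE, ROOT]

# A legitimate chain through a real intermediate CA.
ISSUING = Cert("Issuing CA", "k-int", "TrustedCA", "k-root",
               is_ca=True, path_len=0)
LEAF = Cert("api.someotherdomain.com", "k-leaf", "Issuing CA", "k-int")
GOOD_CHAIN = [LEAF, ISSUING, ROOT]

# A CA below "Issuing CA" violates that CA's pathLenConstraint of 0.
SUB = Cert("Sub CA", "k-sub", "Issuing CA", "k-int", is_ca=True)
DEEP_LEAF = Cert("api.someotherdomain.com", "k-deep", "Sub CA", "k-sub")
DEEP_CHAIN = [DEEP_LEAF, SUB, ISSUING, ROOT]


if __name__ == "__main__":
    host = "api.someotherdomain.com"
    for name, chain in [("advisory", ADVISORY_CHAIN), ("good", GOOD_CHAIN),
                        ("deep", DEEP_CHAIN)]:
        for enforce in (False, True):
            result = check_chain(chain, ANCHORS, host, enforce) or ["accepted"]
            print(f"{name:8} enforce={enforce!s:5} -> {'; '.join(result)}")
```

With enforcement off, the advisory's chain passes every remaining check (hostname, issuer linkage, trust anchor), which is why no warning reached the user.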



APPLE-SA-2011-07-25-2 iOS 4.2.10 Software Update for iPhone

iOS 4.2.10 Software Update for iPhone is now available and addresses the following:

Data Security
Available for: iOS 4.2.5 through 4.2.9 for iPhone 4 (CDMA)
Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS
Description: A certificate chain validation issue existed in the handling of X.509 certificates. This issue is addressed through improved validation of X.509 certificate chains.
CVE-ID
CVE-2011-0228 : Gregor Kopf of Recurity Labs on behalf of BSI, and Paul Kehrer of Trustwave's SpiderLabs

Installation note:

This update is only available through iTunes, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes will automatically check Apple's update server on its weekly schedule. When an update is detected, it will download it. When the iPhone is docked, iTunes will present the user with the option to install the update. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iPhone.

The automatic update process may take up to a week depending on the day that iTunes checks for updates. You may manually obtain the update via the Check for Updates button within iTunes. After doing this, the update can be applied when your iPhone is docked to your computer.

To check that the iPhone has been updated:

  • Navigate to Settings
  • Select General
  • Select About. The version after applying this update will be "4.2.10 (8E600)".

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201108-0032",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "3.1.3"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.0.0"
      },
      {
        "model": "iphone os",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.3"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.0.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.4"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.5"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.1.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.0"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.0.0"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.2.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.3.0"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.0.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "4.2.10 earlier"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "4.3.5 earlier"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "ios beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "48877"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002113"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201107-392"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0228"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002113"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Gregor Kopf of Recurity Labs on behalf of BSI, and Paul Kehrer of Trustwave\u0027s SpiderLab",
    "sources": [
      {
        "db": "BID",
        "id": "48877"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201107-392"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2011-0228",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2011-0228",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-48173",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-0228",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2011-0228",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201107-392",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-48173",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2011-0228",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48173"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-0228"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002113"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201107-392"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0228"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain. Apple From iOS An update for has been released.By a third party SSL/TLS There is a possibility that the content being communicated on will be intercepted or tampered with. Apple iOS is prone to a security vulnerability that may allow attackers to capture or modify data. \nSuccessful exploits will allow attackers to gain access to sensitive information or send misleading information to a victim user. Other attacks are also possible. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. ----------------------------------------------------------------------\n\nThe Secunia Vulnerability Intelligence Manager (VIM) enables you to handle vulnerability threats in a simple, cost effective way. 
\n\nRead more and request a free trial:\nhttp://secunia.com/products/corporate/vim/\n\n----------------------------------------------------------------------\n\nTITLE:\nApple iOS \"basicConstraints\" X.509 Certificate Chain Validation\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA45369\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/45369/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45369\n\nRELEASE DATE:\n2011-07-27\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/45369/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/45369/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45369\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Apple iOS, which can be\nexploited by malicious people to conduct spoofing attacks. This can be exploited to spoof certificates of arbitrary\ndomains and disclose encrypted information e.g. using a\nMan-in-the-Middle (MitM) attack. \n\nPROVIDED AND/OR DISCOVERED BY:\nPaul Kehrer, Trustwave\u0027s SpiderLabs. \n\nThe vendor also credits Gregor Kopf, Recurity Labs on behalf of BSI. 
\n\nORIGINAL ADVISORY:\nApple:\nhttp://support.apple.com/kb/HT4824\nhttp://support.apple.com/kb/HT4825\n\nTrustwave:\nhttps://www.trustwave.com/spiderlabs/advisories/TWSL2011-007.txt\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. 
Trustwave\u0027s SpiderLabs Security Advisory TWSL2011-007:\niOS SSL Implementation Does Not Validate Certificate Chain\n\nhttps://www.trustwave.com/spiderlabs/advisories/TWSL2011-007.txt\n\nPublished: 2011-07-25\nVersion: 1.0\n\nVendor: Apple (http://www.apple.com)\nProduct: iOS\nVersion affected:  Versions Prior to 5.0b4, 4.3.5, and 4.2.10\n\nProduct description:\niOS is Apple\u0027s mobile operating system for the iPhone, iPod Touch, and iPad\nhardware platforms. By signing a new\ncertificate using a legitimate end entity certificate, an attacker can\nobtain a \"valid\" certificate for any domain. For example:\n\n-TrustedCA\n--somedomain.com (legitimate certificate)\n---api.someotherdomain.com (signed by somedomain.com)\n\nUsing this technique any SSL traffic using the api.someotherdomain.com\ncertificate can be intercepted and decrypted by the issuer. No notification\nof the invalid nature of the certificate is presented to the iOS user. \nThis method allows for transparent man-in-the-middle attacks against\nencrypted iOS communications. \n\n\nRemediation Steps:\nUsers should update to the latest version of iOS in order to address this\nissue. This vulnerability has been corrected in versions 5.0b4, 4.3.5, and\n4.2.10. \n\nRevision History:\n07/15/11 - Vulnerability Disclosed\n07/25/11 - Patch Released\n07/25/11 - Advisory Published\n\nReferences:\n1. http://support.apple.com/kb/HT4824\n2. http://support.apple.com/kb/HT4825\n\n\nAbout Trustwave:\nTrustwave is the leading provider of on-demand and subscription-based\ninformation security and payment card industry compliance management\nsolutions to businesses and government entities throughout the world. For\norganizations faced with today\u0027s challenging data security and compliance\nenvironment, Trustwave provides a unique approach with comprehensive\nsolutions that include its flagship TrustKeeper compliance management\nsoftware and other proprietary security solutions. 
Trustwave has helped\nthousands of organizations--ranging from Fortune 500 businesses and large\nfinancial institutions to small and medium-sized retailers--manage\ncompliance and secure their network infrastructure, data communications and\ncritical information assets. Trustwave is headquartered in Chicago with\noffices throughout North America, South America, Europe, Africa, China and\nAustralia. For more information, visit https://www.trustwave.com\n\nAbout Trustwave\u0027s SpiderLabs:\nSpiderLabs(R) is the advanced security team at Trustwave focused on\napplication security, incident response, penetration testing, physical\nsecurity and security research. The team has performed over a thousand\nincident investigations, thousands of penetration tests and hundreds of\napplication security tests globally. In addition, the SpiderLabs Research\nteam provides intelligence through bleeding-edge research and proof of\nconcept tool development to enhance Trustwave\u0027s products and services. \nhttps://www.trustwave.com/spiderlabs\n\nDisclaimer:\nThe information provided in this advisory is provided \"as is\" without\nwarranty of any kind. Trustwave disclaims all warranties, either express or\nimplied, including the warranties of merchantability and fitness for a\nparticular purpose. In no event shall Trustwave or its suppliers be liable\nfor any damages whatsoever including direct, indirect, incidental,\nconsequential, loss of business profits or special damages, even if\nTrustwave or its suppliers have been advised of the possibility of such\ndamages. Some states do not allow the exclusion or limitation of liability\nfor consequential or incidental damages so the foregoing limitation may not\napply. \n\n\n\n\n\nThis transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. 
If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2011-07-25-2 iOS 4.2.10 Software Update for iPhone\n\niOS 4.2.10 Software Update for iPhone is now available and addresses\nthe following:\n\nData Security\nAvailable for:  iOS 4.2.5 through 4.2.9 for iPhone 4 (CDMA)\nImpact:  An attacker with a privileged network position may capture\nor modify data in sessions protected by SSL/TLS\nDescription:  A certificate chain validation issue existed in the\nhandling of X.509 certificates. This issue is addressed through improved validation of\nX.509 certificate chains. \nCVE-ID\nCVE-2011-0228 : Gregor Kopf of Recurity Labs on behalf of BSI, and\nPaul Kehrer of Trustwave\u0027s SpiderLabs\n\n\nInstallation note:\n\nThis update is only available through iTunes, and will not appear\nin your computer\u0027s Software Update application, or in the Apple\nDownloads site. Make sure you have an Internet connection and have\ninstalled the latest version of iTunes from www.apple.com/itunes/\n\niTunes will automatically check Apple\u0027s update server on its weekly\nschedule. When an update is detected, it will download it. When\nthe iPhone is docked, iTunes will present the user with the option\nto install the update. We recommend applying the update immediately\nif possible. Selecting Don\u0027t Install will present the option the\nnext time you connect your iPhone. 
\n\nThe automatic update process may take up to a week depending on the\nday that iTunes checks for updates. You may manually obtain the\nupdate via the Check for Updates button within iTunes. After doing\nthis, the update can be applied when your iPhone is docked to your\ncomputer. \n\nTo check that the iPhone has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update will be\n\"4.2.10 (8E600)\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-0228"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002113"
      },
      {
        "db": "BID",
        "id": "48877"
      },
      {
        "db": "VULHUB",
        "id": "VHN-48173"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-0228"
      },
      {
        "db": "PACKETSTORM",
        "id": "103453"
      },
      {
        "db": "PACKETSTORM",
        "id": "103388"
      },
      {
        "db": "PACKETSTORM",
        "id": "103408"
      },
      {
        "db": "PACKETSTORM",
        "id": "103387"
      }
    ],
    "trust": 2.43
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-48173",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48173"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-0228",
        "trust": 3.2
      },
      {
        "db": "BID",
        "id": "48877",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "45369",
        "trust": 2.7
      },
      {
        "db": "SECTRACK",
        "id": "1025837",
        "trust": 2.6
      },
      {
        "db": "SREASON",
        "id": "8361",
        "trust": 1.2
      },
      {
        "db": "OSVDB",
        "id": "74030",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002113",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201107-392",
        "trust": 0.7
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2011-07-25-1",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2011-07-25-2",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20110725 TWSL2011-007: IOS SSL IMPLEMENTATION DOES NOT VALIDATE CERTIFICATE CHAIN",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "17343",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "103408",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "103388",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "103387",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-48173",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-0228",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "103453",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48173"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-0228"
      },
      {
        "db": "BID",
        "id": "48877"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002113"
      },
      {
        "db": "PACKETSTORM",
        "id": "103453"
      },
      {
        "db": "PACKETSTORM",
        "id": "103388"
      },
      {
        "db": "PACKETSTORM",
        "id": "103408"
      },
      {
        "db": "PACKETSTORM",
        "id": "103387"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201107-392"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0228"
      }
    ]
  },
  "id": "VAR-201108-0032",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48173"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-11T23:20:43.835000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "About the security content of iOS 4.3.5 Software Update for iPhone",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4824"
      },
      {
        "title": "About the security content of iOS 4.2.10 Software Update for iPhone",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4825"
      },
      {
        "title": "isslfix",
        "trust": 0.1,
        "url": "https://github.com/jan0/isslfix "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/CVEDB/PoC-List "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2011-0228"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002113"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48173"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002113"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0228"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "http://www.securityfocus.com/bid/48877"
      },
      {
        "trust": 2.6,
        "url": "http://secunia.com/advisories/45369"
      },
      {
        "trust": 2.3,
        "url": "https://www.trustwave.com/spiderlabs/advisories/twsl2011-007.txt"
      },
      {
        "trust": 2.0,
        "url": "http://support.apple.com/kb/ht4824"
      },
      {
        "trust": 2.0,
        "url": "http://support.apple.com/kb/ht4825"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2011//jul/msg00005.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2011//jul/msg00004.html"
      },
      {
        "trust": 1.8,
        "url": "http://securitytracker.com/id?1025837"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/archive/1/518982/100/0/threaded"
      },
      {
        "trust": 1.2,
        "url": "http://securityreason.com/securityalert/8361"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0228"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu633907"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0228"
      },
      {
        "trust": 0.8,
        "url": "http://osvdb.org/74030"
      },
      {
        "trust": 0.8,
        "url": "http://www.securitytracker.com/id?1025837"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/518982/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/17343"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/iphone/"
      },
      {
        "trust": 0.3,
        "url": "http://blog.thoughtcrime.org/sslsniff-anniversary-edition"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0228"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/jan0/isslfix"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/45369/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/45369/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45369"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://www.trustwave.com/spiderlabs"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com)"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.trustwave.com"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-48173"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-0228"
      },
      {
        "db": "BID",
        "id": "48877"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002113"
      },
      {
        "db": "PACKETSTORM",
        "id": "103453"
      },
      {
        "db": "PACKETSTORM",
        "id": "103388"
      },
      {
        "db": "PACKETSTORM",
        "id": "103408"
      },
      {
        "db": "PACKETSTORM",
        "id": "103387"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201107-392"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0228"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-48173"
      },
      {
        "db": "VULMON",
        "id": "CVE-2011-0228"
      },
      {
        "db": "BID",
        "id": "48877"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002113"
      },
      {
        "db": "PACKETSTORM",
        "id": "103453"
      },
      {
        "db": "PACKETSTORM",
        "id": "103388"
      },
      {
        "db": "PACKETSTORM",
        "id": "103408"
      },
      {
        "db": "PACKETSTORM",
        "id": "103387"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201107-392"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-0228"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-48173"
      },
      {
        "date": "2011-08-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2011-0228"
      },
      {
        "date": "2011-07-25T00:00:00",
        "db": "BID",
        "id": "48877"
      },
      {
        "date": "2011-08-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-002113"
      },
      {
        "date": "2011-07-26T06:44:17",
        "db": "PACKETSTORM",
        "id": "103453"
      },
      {
        "date": "2011-07-25T19:58:09",
        "db": "PACKETSTORM",
        "id": "103388"
      },
      {
        "date": "2011-07-26T02:53:15",
        "db": "PACKETSTORM",
        "id": "103408"
      },
      {
        "date": "2011-07-25T19:55:17",
        "db": "PACKETSTORM",
        "id": "103387"
      },
      {
        "date": "1900-01-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201107-392"
      },
      {
        "date": "2011-08-29T20:55:00.753000",
        "db": "NVD",
        "id": "CVE-2011-0228"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-48173"
      },
      {
        "date": "2018-10-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2011-0228"
      },
      {
        "date": "2011-07-26T16:00:00",
        "db": "BID",
        "id": "48877"
      },
      {
        "date": "2013-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-002113"
      },
      {
        "date": "2011-09-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201107-392"
      },
      {
        "date": "2025-04-11T00:51:21.963000",
        "db": "NVD",
        "id": "CVE-2011-0228"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201107-392"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iOS Updates for vulnerabilities in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002113"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201107-392"
      }
    ],
    "trust": 0.6
  }
}

