NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2009-0958

Summary	Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials.
Summary	Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1 guarda una excepción para un nombre de servidor (hostname) cuando el usuario acepta un certificado de servidor Exchange no confiable, provocando que sea aceptado en usos futuros sin consultar al usuario y permitiendo que servidores Exchange remotos obtengan información sensible como las credenciales de acceso.
Publication Date	June 20, 2009, 1:30 a.m.
Registration Date	Jan. 29, 2021, 1:16 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : MEDIUM
Score	4.3
Vector	AV:N/AC:M/Au:N/C:P/I:N/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	なし
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	はい

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:apple:iphone_os:1.0.0:::::::*
cpe:2.3:o:apple:iphone_os:1.0.1:::::::*
cpe:2.3:o:apple:iphone_os:1.0.2:::::::*
cpe:2.3:o:apple:iphone_os:1.1.0:::::::*
cpe:2.3:o:apple:iphone_os:1.1.1:::::::*
cpe:2.3:o:apple:iphone_os:1.1.2:::::::*
cpe:2.3:o:apple:iphone_os:1.1.3:::::::*
cpe:2.3:o:apple:iphone_os:1.1.4:::::::*
cpe:2.3:o:apple:iphone_os:1.1.5:::::::*
cpe:2.3:o:apple:iphone_os:2.0:::::::*
cpe:2.3:o:apple:iphone_os:2.0.0:::::::*
cpe:2.3:o:apple:iphone_os:2.0.1:::::::*
cpe:2.3:o:apple:iphone_os:2.0.2:::::::*
cpe:2.3:o:apple:iphone_os:2.1:::::::*
cpe:2.3:o:apple:iphone_os:2.1.1:::::::*
cpe:2.3:o:apple:iphone_os:2.2:::::::*
cpe:2.3:o:apple:iphone_os:2.2.1:::::::*
cpe:2.3:o:apple:iphone_os:1.1.0:::::::*
cpe:2.3:o:apple:iphone_os:1.1.1:::::::*
cpe:2.3:o:apple:iphone_os:1.1.2:::::::*
cpe:2.3:o:apple:iphone_os:1.1.3:::::::*
cpe:2.3:o:apple:iphone_os:1.1.4:::::::*
cpe:2.3:o:apple:iphone_os:1.1.5:::::::*
cpe:2.3:o:apple:iphone_os:2.0:::::::*
cpe:2.3:o:apple:iphone_os:2.0.0:::::::*
cpe:2.3:o:apple:iphone_os:2.0.1:::::::*
cpe:2.3:o:apple:iphone_os:2.0.2:::::::*
cpe:2.3:o:apple:iphone_os:2.1:::::::*
cpe:2.3:o:apple:iphone_os:2.1.1:::::::*
cpe:2.3:o:apple:iphone_os:2.2:::::::*
cpe:2.3:o:apple:iphone_os:2.2.1:::::::*

Configuration2		or higher	or less	more than	less than
cpe:2.3:o:apple:iphone_os::::::::
cpe:2.3:h:apple:ipod_touch::::::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html	cve@mitre.org
2	http://osvdb.org/55236	cve@mitre.org
3	http://support.apple.com/kb/HT3639	cve@mitre.org
4	http://www.securityfocus.com/bid/35414	cve@mitre.org
5	http://www.securityfocus.com/bid/35447	cve@mitre.org
6	http://www.vupen.com/english/advisories/2009/1621	cve@mitre.org
7	https://exchange.xforce.ibmcloud.com/vulnerabilities/51208	cve@mitre.org
8	http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html	af854a3a-2127-422b-91ae-364da2661108
9	http://osvdb.org/55236	af854a3a-2127-422b-91ae-364da2661108
10	http://support.apple.com/kb/HT3639	af854a3a-2127-422b-91ae-364da2661108
11	http://www.securityfocus.com/bid/35414	af854a3a-2127-422b-91ae-364da2661108
12	http://www.securityfocus.com/bid/35447	af854a3a-2127-422b-91ae-364da2661108
13	http://www.vupen.com/english/advisories/2009/1621	af854a3a-2127-422b-91ae-364da2661108
14	https://exchange.xforce.ibmcloud.com/vulnerabilities/51208	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List