CVE-2008-1589

EPSS 0.26%
Published 14.07.2008 18:41:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites.

Affected products Warnungen 0 Metrics 2 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Apple ≫ Safari

   Apple ≫ Iphone Version1.0
   Apple ≫ Iphone Version1.1.3
   Apple ≫ Iphone Version1.1.4
   Apple ≫ Iphone Version1.02
   Apple ≫ Ipod Touch Version1.1
   Apple ≫ Ipod Touch Version1.1.1
   Apple ≫ Ipod Touch Version1.1.2
   Apple ≫ Ipod Touch Version1.1.3
   Apple ≫ Ipod Touch Version1.1.4
   Apple ≫ iPhone OS Version1.0.1
   Apple ≫ iPhone OS Version1.0.2
   Apple ≫ iPhone OS Version1.1.1
   Apple ≫ iPhone OS Version1.1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.26%	0.461

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html

http://secunia.com/advisories/31074

http://www.vupen.com/english/advisories/2008/2094/references

http://www.securityfocus.com/bid/30186

http://jvn.jp/en/jp/JVN88676089/index.html

http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000039.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/43734

https://nvd.nist.gov/vuln/detail/CVE-2008-1589

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-1589

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-1589

EUVD