7.1

CVE-2009-1692

EPSS 4.27%
Published 19.06.2009 16:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.

Affected products Warnungen 0 Metrics 2 CWE 0 References 23

Data is provided by the National Vulnerability Database (NVD)

Apple ≫ iPhone OS Version1.0.0

Apple ≫ iPhone OS Version1.0.1

Apple ≫ iPhone OS Version1.0.2

Apple ≫ iPhone OS Version1.1.0

Apple ≫ iPhone OS Version1.1.1

Apple ≫ iPhone OS Version1.1.2

Apple ≫ iPhone OS Version1.1.3

Apple ≫ iPhone OS Version1.1.4

Apple ≫ iPhone OS Version1.1.5

Apple ≫ iPhone OS Version2.0

Apple ≫ iPhone OS Version2.0.0

Apple ≫ iPhone OS Version2.0.1

Apple ≫ iPhone OS Version2.0.2

Apple ≫ iPhone OS Version2.1

Apple ≫ iPhone OS Version2.1.1

Apple ≫ iPhone OS Version2.2

Apple ≫ iPhone OS Version2.2.1

Apple ≫ iPhone OS

Apple ≫ iPhone OS Version1.1.0

Apple ≫ iPhone OS Version1.1.1

Apple ≫ iPhone OS Version1.1.2

Apple ≫ iPhone OS Version1.1.3

Apple ≫ iPhone OS Version1.1.4

Apple ≫ iPhone OS Version1.1.5

Apple ≫ iPhone OS Version2.0

Apple ≫ iPhone OS Version2.0.0

Apple ≫ iPhone OS Version2.0.1

Apple ≫ iPhone OS Version2.0.2

Apple ≫ iPhone OS Version2.1

Apple ≫ iPhone OS Version2.1.1

Apple ≫ iPhone OS Version2.2

Apple ≫ iPhone OS Version2.2.1

Apple ≫ Ipod Touch

Apple ≫ Safari

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.27%	0.884

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.1	8.6	6.9	AV:N/AC:M/Au:N/C:N/I:N/A:C

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

Vendor Advisory

http://support.apple.com/kb/HT3639

Vendor Advisory

http://www.vupen.com/english/advisories/2009/1621

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

http://secunia.com/advisories/43068

http://www.vupen.com/english/advisories/2011/0212

http://secunia.com/advisories/37746

http://www.debian.org/security/2009/dsa-1950

http://www.securityfocus.com/bid/35414

http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#121

http://osvdb.org/55242

http://secunia.com/advisories/36977

http://www.g-sec.lu/one-bug-to-rule-them-all.html

http://www.securityfocus.com/archive/1/504969/100/0/threaded

http://www.securityfocus.com/archive/1/504988/100/0/threaded

http://www.securityfocus.com/archive/1/504989/100/0/threaded

http://www.securityfocus.com/archive/1/505006/100/0/threaded

http://www.securityfocus.com/bid/35446

https://bugs.webkit.org/show_bug.cgi?id=23319

https://www.exploit-db.com/exploits/9160

https://nvd.nist.gov/vuln/detail/CVE-2009-1692

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-1692

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-1692

EUVD