ID

VAR-200909-0208


CVE

CVE-2009-3273


TITLE

Vulnerability in iPhone Mail in Apple iPhone OS that allows impersonation of an SSL e-mail server

Trust: 0.8

sources: JVNDB: JVNDB-2009-003755

DESCRIPTION

iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate. Apple iPhone and iPod touch are prone to an information-disclosure vulnerability. Successfully exploiting this issue may allow an attacker to perform man-in-the-middle attacks by impersonating a trusted server. This may allow the attacker to obtain credentials or other sensitive information or give users a false sense of security. Information harvested may aid in further attacks. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text.

Trust: 2.07

sources: NVD: CVE-2009-3273 // JVNDB: JVNDB-2009-003755 // BID: 36370 // VULHUB: VHN-40719 // VULMON: CVE-2009-3273

AFFECTED PRODUCTS

vendor: apple // model: iphone os // scope: eq // version: 1.1.0

Trust: 1.6

vendor: apple // model: iphone os // scope: eq // version: 2.2.1

Trust: 1.6

vendor: apple // model: iphone os // scope: eq // version: 2.1

Trust: 1.6

vendor: apple // model: iphone os // scope: eq // version: 1.0.2

Trust: 1.6

vendor: apple // model: iphone os // scope: eq // version: 1.0.1

Trust: 1.6

vendor: apple // model: iphone os // scope: eq // version: 1.1.1

Trust: 1.6

vendor: apple // model: iphone os // scope: eq // version: 1.0.0

Trust: 1.6

vendor: apple // model: iphone os // scope: eq // version: 1.1.5

Trust: 1.0

vendor: apple // model: iphone os // scope: eq // version: 2.0

Trust: 1.0

vendor: apple // model: iphone os // scope: eq // version: 2.0.2

Trust: 1.0

vendor: apple // model: iphone os // scope: eq // version: 2.0.1

Trust: 1.0

vendor: apple // model: iphone os // scope: eq // version: 3.0

Trust: 1.0

vendor: apple // model: iphone os // scope: eq // version: 1.1.3

Trust: 1.0

vendor: apple // model: iphone os // scope: eq // version: 3.0.1

Trust: 1.0

vendor: apple // model: iphone os // scope: eq // version: 1.1

Trust: 1.0

vendor: apple // model: iphone os // scope: eq // version: 1.1.4

Trust: 1.0

vendor: apple // model: iphone os // scope: eq // version: 2.0.0

Trust: 1.0

vendor: apple // model: iphone os // scope: eq // version: 1.0

Trust: 1.0

vendor: apple // model: iphone os // scope: eq // version: 2.1.1

Trust: 1.0

vendor: apple // model: iphone os // scope: eq // version: 1.1.2

Trust: 1.0

vendor: apple // model: iphone os // scope: eq // version: 2.2

Trust: 1.0

vendor: apple // model: ios // scope: - // version: -

Trust: 0.8

vendor: apple // model: ipod touch // scope: eq // version: 3.1.1

Trust: 0.3

vendor: apple // model: ipod touch // scope: eq // version: 2.2.1

Trust: 0.3

vendor: apple // model: ipod touch // scope: eq // version: 2.0.2

Trust: 0.3

vendor: apple // model: ipod touch // scope: eq // version: 2.0.1

Trust: 0.3

vendor: apple // model: ipod touch // scope: eq // version: 1.1.4

Trust: 0.3

vendor: apple // model: ipod touch // scope: eq // version: 1.1.3

Trust: 0.3

vendor: apple // model: ipod touch // scope: eq // version: 1.1.2

Trust: 0.3

vendor: apple // model: ipod touch // scope: eq // version: 1.1.1

Trust: 0.3

vendor: apple // model: ipod touch // scope: eq // version: 3.0

Trust: 0.3

vendor: apple // model: ipod touch // scope: eq // version: 2.2

Trust: 0.3

vendor: apple // model: ipod touch // scope: eq // version: 2.1

Trust: 0.3

vendor: apple // model: ipod touch // scope: eq // version: 2.0

Trust: 0.3

vendor: apple // model: ipod touch // scope: eq // version: 1.1

Trust: 0.3

vendor: apple // model: ipod touch // scope: eq // version: 0

Trust: 0.3

vendor: apple // model: iphone // scope: eq // version: 3.0.1

Trust: 0.3

vendor: apple // model: iphone // scope: eq // version: 2.2.1

Trust: 0.3

vendor: apple // model: iphone // scope: eq // version: 2.0.2

Trust: 0.3

vendor: apple // model: iphone // scope: eq // version: 2.0.1

Trust: 0.3

vendor: apple // model: iphone // scope: eq // version: 1.1.4

Trust: 0.3

vendor: apple // model: iphone // scope: eq // version: 1.1.3

Trust: 0.3

vendor: apple // model: iphone // scope: eq // version: 1.1.2

Trust: 0.3

vendor: apple // model: iphone // scope: eq // version: 1.1.1

Trust: 0.3

vendor: apple // model: iphone // scope: eq // version: 1.0.2

Trust: 0.3

vendor: apple // model: iphone // scope: eq // version: 1.0.1

Trust: 0.3

vendor: apple // model: iphone // scope: eq // version: 3.1

Trust: 0.3

vendor: apple // model: iphone // scope: eq // version: 3.0

Trust: 0.3

vendor: apple // model: iphone // scope: eq // version: 2.2

Trust: 0.3

vendor: apple // model: iphone // scope: eq // version: 2.1

Trust: 0.3

vendor: apple // model: iphone // scope: eq // version: 2.0

Trust: 0.3

vendor: apple // model: iphone // scope: eq // version: 1.1

Trust: 0.3

vendor: apple // model: iphone // scope: eq // version: 1

Trust: 0.3

vendor: apple // model: iphone // scope: eq // version: 0

Trust: 0.3

sources: BID: 36370 // JVNDB: JVNDB-2009-003755 // CNNVD: CNNVD-200909-396 // NVD: CVE-2009-3273

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-3273
value: HIGH

Trust: 1.0

NVD: CVE-2009-3273
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200909-396
value: HIGH

Trust: 0.6

VULHUB: VHN-40719
value: HIGH

Trust: 0.1

VULMON: CVE-2009-3273
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-3273
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-40719
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-40719 // VULMON: CVE-2009-3273 // JVNDB: JVNDB-2009-003755 // CNNVD: CNNVD-200909-396 // NVD: CVE-2009-3273

PROBLEMTYPE DATA

problemtype: CWE-310

Trust: 1.9

sources: VULHUB: VHN-40719 // JVNDB: JVNDB-2009-003755 // NVD: CVE-2009-3273

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200909-396

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-200909-396

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-003755

PATCH

title: Top Page // url: http://www.apple.com/iphone/

Trust: 0.8

sources: JVNDB: JVNDB-2009-003755

EXTERNAL IDS

db: NVD // id: CVE-2009-3273

Trust: 2.6

db: BID // id: 36370

Trust: 2.1

db: JVNDB // id: JVNDB-2009-003755

Trust: 0.8

db: CNNVD // id: CNNVD-200909-396

Trust: 0.7

db: VULHUB // id: VHN-40719

Trust: 0.1

db: VULMON // id: CVE-2009-3273

Trust: 0.1

sources: VULHUB: VHN-40719 // VULMON: CVE-2009-3273 // BID: 36370 // JVNDB: JVNDB-2009-003755 // CNNVD: CNNVD-200909-396 // NVD: CVE-2009-3273

REFERENCES

url:http://www.securityfocus.com/bid/36370

Trust: 1.8

url:http://www.securityfocus.com/archive/1/506428/100/0/threaded

Trust: 1.8

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/53234

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3273

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3273

Trust: 0.8

url:http://www.apple.com/iphone/

Trust: 0.3

url:http://www.apple.com/ipodtouch/

Trust: 0.3

url:/archive/1/506428

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/310.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-40719 // VULMON: CVE-2009-3273 // BID: 36370 // JVNDB: JVNDB-2009-003755 // CNNVD: CNNVD-200909-396 // NVD: CVE-2009-3273

CREDITS

William Borskey

Trust: 0.9

sources: BID: 36370 // CNNVD: CNNVD-200909-396

SOURCES

db: VULHUB // id: VHN-40719
db: VULMON // id: CVE-2009-3273
db: BID // id: 36370
db: JVNDB // id: JVNDB-2009-003755
db: CNNVD // id: CNNVD-200909-396
db: NVD // id: CVE-2009-3273

LAST UPDATE DATE

2025-04-10T23:16:25.402000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-40719 // date: 2019-09-26T00:00:00
db: VULMON // id: CVE-2009-3273 // date: 2021-05-23T00:00:00
db: BID // id: 36370 // date: 2009-09-11T19:11:00
db: JVNDB // id: JVNDB-2009-003755 // date: 2012-06-26T00:00:00
db: CNNVD // id: CNNVD-200909-396 // date: 2019-09-27T00:00:00
db: NVD // id: CVE-2009-3273 // date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB // id: VHN-40719 // date: 2009-09-21T00:00:00
db: VULMON // id: CVE-2009-3273 // date: 2009-09-21T00:00:00
db: BID // id: 36370 // date: 2009-09-11T00:00:00
db: JVNDB // id: JVNDB-2009-003755 // date: 2012-06-26T00:00:00
db: CNNVD // id: CNNVD-200909-396 // date: 2009-09-21T00:00:00
db: NVD // id: CVE-2009-3273 // date: 2009-09-21T19:30:00.500