Sign-up

ID

VAR-201002-0145


CVE

CVE-2010-0496


TITLE

iPod touch of FreeBit ServersMan Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2010-003819

DESCRIPTION

FreeBit ServersMan 3.1.5 on Apple iPhone OS 3.1.2, and iPhone OS for iPod touch, allows remote attackers to cause a denial of service (daemon crash) via a HEAD request for the / URI. ServersMan is a server developed by Japan's FreeBit Company to provide complete network functions for iPhones. ---------------------------------------------------------------------- Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/ ---------------------------------------------------------------------- TITLE: Serversman HTTP Request Processing Denial of Service Vulnerability SECUNIA ADVISORY ID: SA38315 VERIFY ADVISORY: http://secunia.com/advisories/38315/ DESCRIPTION: A vulnerability has been reported in Serversman (for iPhone / iPod Touch), which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing certain HTTP requests, which can be exploited to crash the application by sending specially crafted HTTP requests. The vulnerability is reported in version 3.1.5. Other versions may also be affected. SOLUTION: There is no known workaround at this time. PROVIDED AND/OR DISCOVERED BY: Steven Seeley (mr_me) ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2010-01/att-0580/CORELAN-10-005.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.8

sources: NVD: CVE-2010-0496 // JVNDB: JVNDB-2010-003819 // VULHUB: VHN-43101 // PACKETSTORM: 85706

AFFECTED PRODUCTS

vendor:freebitmodel:serversmanscope:eqversion:3.1.5

Trust: 2.4

vendor:applemodel:iosscope:eqversion:3.1.2 and ipod touch

Trust: 0.8

sources: JVNDB: JVNDB-2010-003819 // CNNVD: CNNVD-201002-024 // NVD: CVE-2010-0496

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-0496
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-0496
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201002-024
value: MEDIUM

Trust: 0.6

VULHUB: VHN-43101
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-0496
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-43101
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-43101 // JVNDB: JVNDB-2010-003819 // CNNVD: CNNVD-201002-024 // NVD: CVE-2010-0496

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-43101 // JVNDB: JVNDB-2010-003819 // NVD: CVE-2010-0496

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201002-024

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201002-024

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-003819

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-43101

PATCH
title:Top Pageurl:http://www.apple.com/
Trust: 0.8
title:Top Pageurl:http://www.freebit.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-003819

EXTERNAL IDS
db:NVDid:CVE-2010-0496
Trust: 2.5
db:SECUNIAid:38315
Trust: 1.8
db:JVNDBid:JVNDB-2010-003819
Trust: 0.8
db:CNNVDid:CNNVD-201002-024
Trust: 0.7
db:XFid:55949
Trust: 0.6
db:FULLDISCid:20100127 APPLE IPHONE/IPOD - SERVERSMAN 3.1.5 HTTP REMOTE DOS EXPLOIT
Trust: 0.6
db:SEEBUGid:SSVID-67586
Trust: 0.1
db:EXPLOIT-DBid:11273
Trust: 0.1
db:VULHUBid:VHN-43101
Trust: 0.1
db:PACKETSTORMid:85706
Trust: 0.1
sources:
            
            
            VULHUB: VHN-43101 // 
            
            
            
            JVNDB: JVNDB-2010-003819 // 
            
            
            
            PACKETSTORM: 85706 // 
            
            
            
            CNNVD: CNNVD-201002-024 // 
            
            
            
            NVD: CVE-2010-0496

REFERENCES
url:http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0580.html
Trust: 1.7
url:http://secunia.com/advisories/38315
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/55949
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0496
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0496
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/55949
Trust: 0.6
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/blog/71/
Trust: 0.1
url:http://secunia.com/advisories/38315/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://archives.neohapsis.com/archives/fulldisclosure/2010-01/att-0580/corelan-10-005.txt
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-43101 // 
            
            
            
            JVNDB: JVNDB-2010-003819 // 
            
            
            
            PACKETSTORM: 85706 // 
            
            
            
            CNNVD: CNNVD-201002-024 // 
            
            
            
            NVD: CVE-2010-0496

CREDITS
Secunia
Trust: 0.1
sources:
            
            
            PACKETSTORM: 85706

SOURCES
db:VULHUBid:VHN-43101
db:JVNDBid:JVNDB-2010-003819
db:PACKETSTORMid:85706
db:CNNVDid:CNNVD-201002-024
db:NVDid:CVE-2010-0496

LAST UPDATE DATE
2025-04-11T23:02:22.146000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-43101date:2017-08-17T00:00:00
db:JVNDBid:JVNDB-2010-003819date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-201002-024date:2010-02-05T00:00:00
db:NVDid:CVE-2010-0496date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-43101date:2010-02-03T00:00:00
db:JVNDBid:JVNDB-2010-003819date:2012-06-26T00:00:00
db:PACKETSTORMid:85706date:2010-01-29T13:55:10
db:CNNVDid:CNNVD-201002-024date:2010-02-03T00:00:00
db:NVDid:CVE-2010-0496date:2010-02-03T19:30:00.547