Details of VAR-201004-0285

ID

VAR-201004-0285

CVE

CVE-2010-1226

TITLE

Apple iPhone of HTTP Service operation interruption in client function (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2010-003956

DESCRIPTION

The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a crafted innerHTML property of a DIV element, related to a "malformed character" issue. Apple iPhone is prone to a denial-of-service vulnerability. Successfully exploiting this issue may allow attackers to crash the Safari, Mail, and Springboard applications on a vulnerable device, resulting in denial-of-service conditions. The issue affects iPhone 2G with OS 3.1 and iPhone 3GS with OS 3.1.3; other versions may also be affected

Trust: 1.98

sources: NVD: CVE-2010-1226 // JVNDB: JVNDB-2010-003956 // BID: 38758 // VULHUB: VHN-43831

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	eq	version:	3.1.3	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	3.1	Trust: 1.0
vendor:	apple	model:	ios	scope:	eq	version:	3.1 and 3.1.3	Trust: 0.8
vendor:	apple	model:	iphone	scope:	eq	version:	2g and 3gs	Trust: 0.8
vendor:	apple	model:	iphone	scope:	eq	version:	2g	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	3gs	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	3.1	Trust: 0.3

sources: BID: 38758 // JVNDB: JVNDB-2010-003956 // CNNVD: CNNVD-201004-452 // NVD: CVE-2010-1226

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-1226
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2010-1226
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201004-452
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-43831
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2010-1226
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-43831
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-43831 // JVNDB: JVNDB-2010-003956 // CNNVD: CNNVD-201004-452 // NVD: CVE-2010-1226

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-43831 // JVNDB: JVNDB-2010-003956 // NVD: CVE-2010-1226

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201004-452

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201004-452

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-003956

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-43831

PATCH

title:

iPhone

url:

http://www.apple.com/iphone/

Trust: 0.8

sources: JVNDB: JVNDB-2010-003956

EXTERNAL IDS

db:	NVD	id:	CVE-2010-1226	Trust: 2.8
db:	BID	id:	38758	Trust: 2.0
db:	EXPLOIT-DB	id:	11769	Trust: 1.7
db:	JVNDB	id:	JVNDB-2010-003956	Trust: 0.8
db:	CNNVD	id:	CNNVD-201004-452	Trust: 0.7
db:	VULHUB	id:	VHN-43831	Trust: 0.1

sources: VULHUB: VHN-43831 // BID: 38758 // JVNDB: JVNDB-2010-003956 // CNNVD: CNNVD-201004-452 // NVD: CVE-2010-1226

REFERENCES

url:	http://www.securityfocus.com/bid/38758	Trust: 1.7
url:	http://www.exploit-db.com/exploits/11769	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1226	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1226	Trust: 0.8
url:	http://www.apple.com/iphone/	Trust: 0.3

sources: VULHUB: VHN-43831 // BID: 38758 // JVNDB: JVNDB-2010-003956 // CNNVD: CNNVD-201004-452 // NVD: CVE-2010-1226

CREDITS

Chase Higgins

Trust: 0.3

sources: BID: 38758

SOURCES

db:	VULHUB	id:	VHN-43831
db:	BID	id:	38758
db:	JVNDB	id:	JVNDB-2010-003956
db:	CNNVD	id:	CNNVD-201004-452
db:	NVD	id:	CVE-2010-1226

LAST UPDATE DATE

2025-04-11T23:15:00.202000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-43831	date:	2010-04-02T00:00:00
db:	BID	id:	38758	date:	2015-04-13T21:02:00
db:	JVNDB	id:	JVNDB-2010-003956	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-201004-452	date:	2010-04-02T00:00:00
db:	NVD	id:	CVE-2010-1226	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-43831	date:	2010-04-01T00:00:00
db:	BID	id:	38758	date:	2010-03-15T00:00:00
db:	JVNDB	id:	JVNDB-2010-003956	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-201004-452	date:	2010-04-01T00:00:00
db:	NVD	id:	CVE-2010-1226	date:	2010-04-01T22:30:00.360