CVE-2010-1407

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 22-06-2010 10:30

Last modified: - 02-09-2022 03:42

Total changes: - 3

Description

WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:P/I:N/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

Low

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

4.3

Base score

8.6

2.9

Exploitability score

Impact score

Verification logic

Reference

http://support.apple.com/kb/HT4225
APPLE-SA-2010-06-21-1-Vendor Advisory
41016-
41856-
USN-1006-1-
ADV-2010-2722-
APPLE-SA-2010-11-22-1-
http://support.apple.com/kb/HT4456
42314-
ADV-2011-0212-
SUSE-SR:2011:002-
43068-
MDVSA-2011:039-
ADV-2011-0552-
appleios-historyreplace-info-disclosure(59629)-

Keywords

CVE-2010-1407

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2010-1407

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures