Vulnerability in iPhone OS (CVE-2009-1692)
CVSS v2.0 severity:
HIGH
Type:
CWE-399
Resource management error
Publication date:
19/06/2009
Last modified:
09/04/2025
Description
WebKit in Apple iPhone OS v1.0 through v2.2.1 and iPhone OS for iPod touch v1.1 through v2.2.1 allows remote attackers to cause a denial of service (device reset) via a web page containing an HTMLSelectElement object with a large "length" attribute.
Impact
Base score 2.0
7.10
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:* | ||
To consult the complete list of CPE names with products and versions, see this page
References to solutions, tools and information
- http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#121
- http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://osvdb.org/55242
- http://secunia.com/advisories/36977
- http://secunia.com/advisories/37746
- http://secunia.com/advisories/43068
- http://support.apple.com/kb/HT3639
- http://www.debian.org/security/2009/dsa-1950
- http://www.g-sec.lu/one-bug-to-rule-them-all.html
- http://www.securityfocus.com/archive/1/504969/100/0/threaded
- http://www.securityfocus.com/archive/1/504988/100/0/threaded
- http://www.securityfocus.com/archive/1/504989/100/0/threaded
- http://www.securityfocus.com/archive/1/505006/100/0/threaded
- http://www.securityfocus.com/bid/35414
- http://www.securityfocus.com/bid/35446
- http://www.vupen.com/english/advisories/2009/1621
- http://www.vupen.com/english/advisories/2011/0212
- https://bugs.webkit.org/show_bug.cgi?id=23319
- https://www.exploit-db.com/exploits/9160



