Уязвимость CVE-2010-1407: Информация

Описание

WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document.

Важность: MEDIUM (4,3)

Ссылки на рекомендации, решения и инструменты

1. Подверженные конфигурации:

   1. Конфигурация 1

      cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:apple:iphone_os:1.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*

      ---

      Running on/with:

      cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*

      ---

      Running on/with:

      cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

      ---