CVE-2009-0958

high

Description

Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/51208

http://www.vupen.com/english/advisories/2009/1621

http://www.securityfocus.com/bid/35447

http://www.securityfocus.com/bid/35414

http://support.apple.com/kb/HT3639

http://osvdb.org/55236

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

Details

Source: Mitre, NVD

Published: 2009-06-19

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00254