CVE-2010-1407

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document.

References

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

http://secunia.com/advisories/41856

http://secunia.com/advisories/42314

http://secunia.com/advisories/43068

http://support.apple.com/kb/HT4225

http://support.apple.com/kb/HT4456

http://www.mandriva.com/security/advisories?name=MDVSA-2011:039

http://www.securityfocus.com/bid/41016

http://www.ubuntu.com/usn/USN-1006-1

http://www.vupen.com/english/advisories/2010/2722

http://www.vupen.com/english/advisories/2011/0212

http://www.vupen.com/english/advisories/2011/0552

https://exchange.xforce.ibmcloud.com/vulnerabilities/59629

Details

Source: MITRE

Published: 2010-06-22

Updated: 2017-08-17

Type: CWE-200

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

View all (8 total)

IDNameProductFamilySeverity
75629openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)NessusSuSE Local Security Checks
critical
75627openSUSE Security Update : libwebkit (openSUSE-SU-2010:0458-1)NessusSuSE Local Security Checks
critical
53764openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)NessusSuSE Local Security Checks
critical
52523Mandriva Linux Security Advisory : webkit (MDVSA-2011:039)NessusMandriva Local Security Checks
critical
5715Apple iOS < 4.2 Multiple VulnerabilitiesNessus Network MonitorMobile Devices
critical
50046Ubuntu 9.10 / 10.04 LTS / 10.10 : webkit vulnerabilities (USN-1006-1)NessusUbuntu Local Security Checks
critical
47751FreeBSD : webkit-gtk2 -- Multiple vulnerabilities (19419b3b-92bd-11df-b140-0015f2db7bde)NessusFreeBSD Local Security Checks
critical
5578Apple iOS < 4.0 Multiple VulnerabilitiesNessus Network MonitorMobile Devices
critical