Vulnerability Description
Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Iphone Os | 1.0.0 |
| Apple | Ipod Touch | All versions |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.htmlVendor Advisory
- http://osvdb.org/55236
- http://support.apple.com/kb/HT3639PatchVendor Advisory
- http://www.securityfocus.com/bid/35414
- http://www.securityfocus.com/bid/35447
- http://www.vupen.com/english/advisories/2009/1621
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51208
- http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.htmlVendor Advisory
- http://osvdb.org/55236
- http://support.apple.com/kb/HT3639PatchVendor Advisory
- http://www.securityfocus.com/bid/35414
- http://www.securityfocus.com/bid/35447
- http://www.vupen.com/english/advisories/2009/1621
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51208
FAQ
What is CVE-2009-0958?
CVE-2009-0958 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to b...
How severe is CVE-2009-0958?
CVE-2009-0958 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0958?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os, Apple Ipod Touch.