Vulnerability Description
The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a crafted innerHTML property of a DIV element, related to a "malformed character" issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Iphone | 2g |
| Apple | Iphone Os | 3.1 |
Related Weaknesses (CWE)
References
- http://www.exploit-db.com/exploits/11769Exploit
- http://www.securityfocus.com/bid/38758Exploit
- http://www.exploit-db.com/exploits/11769Exploit
- http://www.securityfocus.com/bid/38758Exploit
FAQ
What is CVE-2010-1226?
CVE-2010-1226 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a crafte...
How severe is CVE-2010-1226?
CVE-2010-1226 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1226?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone, Apple Iphone Os.