Details of VAR-201006-0328

ID

VAR-201006-0328

CVE

CVE-2010-1755

TITLE

Apple iOS of Safari Remote in Web A vulnerability that allows the server to track users

Trust: 0.8

sources: JVNDB: JVNDB-2010-001679

DESCRIPTION

Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie. Apple Safari for iOS is prone to a security-bypass vulnerability that allows unauthorized access to cookies. NOTE: This BID was previously covered in BID 41016 (Apple iPhone/iPod touch Prior to iOS 4 Multiple Vulnerabilities) but has been given its own record to better document it. Apple iOS for iPhone and iPod touch is prone to multiple security vulnerabilities, including information-disclosure, remote code-execution, denial-of-service, security-bypass, and spoofing issues. These issues affect the Sandbox, CFNetwork, ImageIO, Passcode Lock, Safari, Settings, and WebKit components. Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible. Versions prior to iOS 4 are vulnerable. This BID is being retired. Apple iOS is an operating system developed by Apple Inc. for the iPhone. It is mainly used for iPhone, iPod touch and iPad

Trust: 2.25

sources: NVD: CVE-2010-1755 // JVNDB: JVNDB-2010-001679 // BID: 41065 // BID: 41016 // VULHUB: VHN-44360

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lt	version:	4.0	Trust: 1.0
vendor:	apple	model:	ios	scope:	eq	version:	2.0 to 3.1.3	Trust: 0.8
vendor:	apple	model:	ios for ipod touch	scope:	eq	version:	2.1 to 3.1.3	Trust: 0.8
vendor:	apple	model:	iphone	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	ipod touch	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.3	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.2	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.1.1	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.2.1	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.0.2	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.0.1	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	3.0	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.2	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.1	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	2.0	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	3.1.3	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	3.1.2	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	3.0.1	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	2.2.1	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	2.0.2	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	2.0.1	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	3.1	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	3.0	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	2.2	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	2.1	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	2.0	Trust: 0.6
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.6
vendor:	apple	model:	ios	scope:	ne	version:	4	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.5	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.2	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	3.0.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	3.0	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.2	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.2.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	1.1.4	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	2.0.0	Trust: 0.6

sources: BID: 41065 // BID: 41016 // JVNDB: JVNDB-2010-001679 // CNNVD: CNNVD-201006-365 // NVD: CVE-2010-1755

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-1755
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2010-1755
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201006-365
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-44360
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2010-1755
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-44360
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-44360 // JVNDB: JVNDB-2010-001679 // CNNVD: CNNVD-201006-365 // NVD: CVE-2010-1755

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-44360 // JVNDB: JVNDB-2010-001679 // NVD: CVE-2010-1755

THREAT TYPE

network

Trust: 0.6

sources: BID: 41065 // BID: 41016

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201006-365

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-001679

PATCH

title:	HT4225	url:	http://support.apple.com/kb/HT4225	Trust: 0.8
title:	HT4225	url:	http://support.apple.com/kb/HT4225?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2010-001679

EXTERNAL IDS

db:	NVD	id:	CVE-2010-1755	Trust: 2.8
db:	BID	id:	41016	Trust: 2.0
db:	XF	id:	59634	Trust: 0.8
db:	JVNDB	id:	JVNDB-2010-001679	Trust: 0.8
db:	CNNVD	id:	CNNVD-201006-365	Trust: 0.7
db:	BID	id:	41065	Trust: 0.4
db:	VULHUB	id:	VHN-44360	Trust: 0.1

sources: VULHUB: VHN-44360 // BID: 41065 // BID: 41016 // JVNDB: JVNDB-2010-001679 // CNNVD: CNNVD-201006-365 // NVD: CVE-2010-1755

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2010/jun/msg00003.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/41016	Trust: 1.7
url:	http://support.apple.com/kb/ht4225	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/59634	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1755	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/59634	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1755	Trust: 0.8
url:	http://www.apple.com/iphone/softwareupdate/	Trust: 0.6
url:	http://www.apple.com/iphone/	Trust: 0.6
url:	http://www.apple.com/ipodtouch/	Trust: 0.6

sources: VULHUB: VHN-44360 // BID: 41065 // BID: 41016 // JVNDB: JVNDB-2010-001679 // CNNVD: CNNVD-201006-365 // NVD: CVE-2010-1755

CREDITS

Jason Dent

Trust: 0.3

sources: BID: 41065

SOURCES

db:	VULHUB	id:	VHN-44360
db:	BID	id:	41065
db:	BID	id:	41016
db:	JVNDB	id:	JVNDB-2010-001679
db:	CNNVD	id:	CNNVD-201006-365
db:	NVD	id:	CVE-2010-1755

LAST UPDATE DATE

2024-11-23T20:32:33.172000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-44360	date:	2018-11-16T00:00:00
db:	BID	id:	41065	date:	2010-06-23T16:58:00
db:	BID	id:	41016	date:	2010-06-23T16:08:00
db:	JVNDB	id:	JVNDB-2010-001679	date:	2010-07-14T00:00:00
db:	CNNVD	id:	CNNVD-201006-365	date:	2022-08-10T00:00:00
db:	NVD	id:	CVE-2010-1755	date:	2024-11-21T01:15:07.890

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-44360	date:	2010-06-22T00:00:00
db:	BID	id:	41065	date:	2010-06-21T00:00:00
db:	BID	id:	41016	date:	2010-06-21T00:00:00
db:	JVNDB	id:	JVNDB-2010-001679	date:	2010-07-14T00:00:00
db:	CNNVD	id:	CNNVD-201006-365	date:	2010-06-24T00:00:00
db:	NVD	id:	CVE-2010-1755	date:	2010-06-22T20:30:01.647