cvelistv5 - CVE-2011-3254

CVE-2011-3254 (GCVE-0-2011-3254)

Vulnerability from cvelistv5

Published

2011-10-14 10:00

Modified

2024-09-17 01:26

Severity ?

CWE

Summary

Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

var-201110-0319

Vulnerability from variot

Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note. An attacker may leverage this issue to execute arbitrary script code in the local domain. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The following Apple systems are vulnerable: iOS 4.2.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 4.2.0 through 4.3.5 for iPod touch (3rd generation) and later, iOS 4.2.0 through 4.3.5 for iPad NOTE: This issue was previously discussed in BID 50086 (Apple iPhone/iPad/iPod touch Prior to iOS 5 Multiple Vulnerabilities) but has been given its own record to better document it. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. ----------------------------------------------------------------------

Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.

Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/

TITLE: Apple iOS Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA46377

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46377/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46377

RELEASE DATE: 2011-10-14

DISCUSS ADVISORY: http://secunia.com/advisories/46377/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/46377/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=46377

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people with physical access to disclose certain information and by malicious people to conduct script insertion, cross-site scripting, and spoofing attacks, disclose sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a user's device.

1) An error within the CalDAV component does not properly validate the SSL certificate when synchronizing the calendar, which can be exploited to disclose encrypted information e.g. using a Man-in-the-Middle (MitM) attack.

2) Input passed via invitation notes is not properly sanitised in Calendar before being returned to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious invitation is being viewed.

3) The CFNetwork component stores a user's AppleID password and username in the log file readable by applications, which can be exploited to disclose the credentials.

4) The CFNetwork component does not properly restrict cross-domain access of HTTP cookies, which can be exploited to access the cookies of another web site.

5) An error exists within CoreFoundation when handling string tokenization.

For more information see vulnerability #1 in: SA46339

6) Multiple errors within CoreGraphics when handling the certain freetype fonts can be exploited to corrupt memory.

7) An error within CoreMedia does not properly handle cross-site redirects and can be exploited to disclose video data.

8) An error exits within the Data Access component when handling multiple accounts configured on the same server and can be exploited to disclose the cookie of another account.

9) The application accepts X.509 certificates with MD5 hashes, which could lead to weak cryptographic certificates being used. This can be exploited to disclose encrypted information e.g. using a Man-in-the-Middle (MitM) attack.

10) A design error exists within the implementation of SSL 3.0 and TLS 1.0 protocols.

For more information: SA46168

11) An error within ImageIO when handling CCITT Group 4 encoded TIFF files can be exploited to cause a buffer overflow.

For more information see vulnerability #1 in: SA43593

12) An error in ImageIO within the handling of CCITT Group 4 encoded TIFF image files can be exploited to cause a heap-based buffer overflow.

For more information see vulnerability #9 in: SA45325

13) An error within ICU (International Components for Unicode) can be exploited to cause a buffer overflow.

For more information see vulnerability #11 in: SA45054

14) An error within the kernel does not reclaim memory from incomplete TCP connections, which can be exploited to exhaust system resources by connecting to a listening service and cause the device to reset.

15) A NULL-pointer dereference error within the kernel when handling IPv6 socket options can be exploited to cause the device to reset.

16) An error within libxml can be exploited to cause a heap-based buffer overflow.

For more information see vulnerability #12 in: SA45325

17) An error within OfficeImport when viewing certain Microsoft Word files can be exploited to cause a buffer overflow.

18) An error within OfficeImport when viewing certain Microsoft Excel files can be exploited to cause a buffer overflow.

19) An indexing error exists in the OfficeImport framework when processing certain records in a Microsoft Word file.

For more information see vulnerability #19 in: SA45054

20) An error in the OfficeImport framework when processing records can be exploited to corrupt memory.

For more information see vulnerability #28 in: SA43814

21) An error within Safari does not properly handle the "attachment" HTTP Content-Disposition header and can be exploited to conduct cross-site scripting attacks.

22) The parental restrictions feature stores the restrictions passcode in plaintext on disk and can be exploited to disclose the passcode.

23) An error within UIKit does not properly handle "tel:" URIs and can be exploited to cause the device to hang by tricking the user into visiting a malicious website.

24) Some vulnerabilities are caused due to a bundled vulnerable version of WebKit.

For more information: SA43519 SA43683 SA43696 SA43859 SA45097 SA45325 SA45325 SA45498 SA45498 SA46339 SA46412

25) The WiFi credentials are stored in a file readable by other applications, which may lead to the credentials being disclosed.

Successful exploitation of vulnerabilities #6, #16 \x96 #20, and #24 may allow execution of arbitrary code.

SOLUTION: Apply iOS 5 Software Update.

PROVIDED AND/OR DISCOVERED BY: 1) Leszek Tasiemski, nSense. 6, 9) Reported by the vendor.

The vendor credits: 2) Rick Deacon 3) Peter Quade, qdevelop 4) Erling Ellingsen, Facebook. 7) Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR) 8) Bob Sielken, IBM 14) Wouter van der Veer, Topicus and Josh Enders 15) Thomas Clement, Intego 17) Tobias Klein via iDefense. 18) Tobias Klein, www.trapkit.de 21) Christian Matthies via iDefense and Yoshinori Oota, Business Architects via JP/CERT. 22) An anonymous person 23) Simon Young, Anglia Ruskin University 25) Laurent OUDOT, TEHTRI Security

ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4999

nSense: http://www.nsense.fi/advisories/nsense_2011_006.txt

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201110-0319",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.3.0"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "4.2.0 to  4.3.5 (ipad for )"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "4.2.0 to  4.3.5 (iphone 3gs and  iphone 4)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "4.2.0 to  4.3.5 (ipod touch (3rd generation) after )"
      },
      {
        "model": "ipad",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "iphone",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "ipod touch",
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "50161"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002461"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-331"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3254"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:apple:ipad",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:apple:iphone",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:apple:ipod_touch",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002461"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rick Deacon",
    "sources": [
      {
        "db": "BID",
        "id": "50161"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-3254",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2011-3254",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-51199",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-3254",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2011-3254",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201110-331",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-51199",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51199"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002461"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-331"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3254"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note. \nAn attacker may leverage this issue to execute arbitrary script code in the local domain. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nThe following Apple systems are vulnerable:\niOS 4.2.0 through 4.3.5 for iPhone 3GS and iPhone 4,\niOS 4.2.0 through 4.3.5 for iPod touch (3rd generation) and later,\niOS 4.2.0 through 4.3.5 for iPad\nNOTE: This issue was previously discussed in BID 50086 (Apple iPhone/iPad/iPod touch Prior to iOS 5 Multiple Vulnerabilities) but has been given its own record to better document it. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nApple iOS Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA46377\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46377/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46377\n\nRELEASE DATE:\n2011-10-14\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46377/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46377/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46377\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Apple iOS, which can\nbe exploited by malicious people with physical access to disclose\ncertain information and by malicious people to conduct script\ninsertion, cross-site scripting, and spoofing attacks, disclose\nsensitive information, bypass certain security restrictions, cause a\nDoS (Denial of Service), and compromise a user\u0027s device. \n\n1) An error within the CalDAV component does not properly validate\nthe SSL certificate when synchronizing the calendar, which can be\nexploited to disclose encrypted information e.g. using a\nMan-in-the-Middle (MitM) attack. \n\n2) Input passed via invitation notes is not properly sanitised in\nCalendar before being returned to the user. This can be exploited to\ninsert arbitrary HTML and script code, which will be executed in a\nuser\u0027s browser session in context of an affected site when the\nmalicious invitation is being viewed. \n\n3) The CFNetwork component stores a user\u0027s AppleID password and\nusername in the log file readable by applications, which can be\nexploited to disclose the credentials. \n\n4) The CFNetwork component does not properly restrict cross-domain\naccess of HTTP cookies, which can be exploited to access the cookies\nof another web site. \n\n5) An error exists within CoreFoundation when handling string\ntokenization. \n\nFor more information see vulnerability #1 in:\nSA46339\n\n6) Multiple errors within CoreGraphics when handling the certain\nfreetype fonts can be exploited to corrupt memory. \n\n7) An error within CoreMedia does not properly handle cross-site\nredirects and can be exploited to disclose video data. \n\n8) An error exits within the Data Access component when handling\nmultiple accounts configured on the same server and can be exploited\nto disclose the cookie of another account. \n\n9) The application accepts X.509 certificates with MD5 hashes, which\ncould lead to weak cryptographic certificates being used. This can be\nexploited to disclose encrypted information e.g. using a\nMan-in-the-Middle (MitM) attack. \n\n10) A design error exists within the implementation of SSL 3.0 and\nTLS 1.0 protocols. \n\nFor more information:\nSA46168\n\n11) An error within ImageIO when handling CCITT Group 4 encoded TIFF\nfiles can be exploited to cause a buffer overflow. \n\nFor more information see vulnerability #1 in:\nSA43593\n\n12) An error in ImageIO within the handling of CCITT Group 4 encoded\nTIFF image files can be exploited to cause a heap-based buffer\noverflow. \n\nFor more information see vulnerability #9 in:\nSA45325\n\n13) An error within ICU (International Components for Unicode) can be\nexploited to cause a buffer overflow. \n\nFor more information see vulnerability #11 in:\nSA45054\n\n14) An error within the kernel does not reclaim memory from\nincomplete TCP connections, which can be exploited to exhaust system\nresources by connecting to a listening service and cause the device\nto reset. \n\n15) A NULL-pointer dereference error within the kernel when handling\nIPv6 socket options can be exploited to cause the device to reset. \n\n16) An error within libxml can be exploited to cause a heap-based\nbuffer overflow. \n\nFor more information see vulnerability #12 in:\nSA45325\n\n17) An error within OfficeImport when viewing certain Microsoft Word\nfiles can be exploited to cause a buffer overflow. \n\n18) An error within OfficeImport when viewing certain Microsoft Excel\nfiles can be exploited to cause a buffer overflow. \n\n19) An indexing error exists in the OfficeImport framework when\nprocessing certain records in a Microsoft Word file. \n\nFor more information see vulnerability #19 in:\nSA45054\n\n20) An error in the OfficeImport framework when processing records\ncan be exploited to corrupt memory. \n\nFor more information see vulnerability #28 in:\nSA43814\n\n21) An error within Safari does not properly handle the \"attachment\"\nHTTP Content-Disposition header and can be exploited to conduct\ncross-site scripting attacks. \n\n22) The parental restrictions feature stores the restrictions\npasscode in plaintext on disk and can be exploited to disclose the\npasscode. \n\n23) An error within UIKit does not properly handle \"tel:\" URIs and\ncan be exploited to cause the device to hang by tricking the user\ninto visiting a malicious website. \n\n24) Some vulnerabilities are caused due to a bundled vulnerable\nversion of WebKit. \n\nFor more information:\nSA43519\nSA43683\nSA43696\nSA43859\nSA45097\nSA45325\nSA45325\nSA45498\nSA45498\nSA46339\nSA46412\n\n25) The WiFi credentials are stored in a file readable by other\napplications, which may lead to the credentials being disclosed. \n\nSuccessful exploitation of vulnerabilities #6, #16 \\x96 #20, and #24 may\nallow execution of arbitrary code. \n\nSOLUTION:\nApply iOS 5 Software Update. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Leszek Tasiemski, nSense. \n6, 9) Reported by the vendor. \n\nThe vendor credits:\n2) Rick Deacon\n3) Peter Quade, qdevelop\n4) Erling Ellingsen, Facebook. \n7) Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR)\n8) Bob Sielken, IBM\n14) Wouter van der Veer, Topicus and Josh Enders\n15) Thomas Clement, Intego\n17) Tobias Klein via iDefense. \n18) Tobias Klein, www.trapkit.de\n21) Christian Matthies via iDefense and Yoshinori Oota, Business\nArchitects via JP/CERT. \n22) An anonymous person\n23) Simon Young, Anglia Ruskin University\n25) Laurent OUDOT, TEHTRI Security\n\nORIGINAL ADVISORY:\nApple:\nhttp://support.apple.com/kb/HT4999\n\nnSense:\nhttp://www.nsense.fi/advisories/nsense_2011_006.txt\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-3254"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002461"
      },
      {
        "db": "BID",
        "id": "50161"
      },
      {
        "db": "VULHUB",
        "id": "VHN-51199"
      },
      {
        "db": "PACKETSTORM",
        "id": "105765"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-3254",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002461",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-331",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "46377",
        "trust": 0.7
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2011-10-12-1",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "50161",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-51199",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "105765",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51199"
      },
      {
        "db": "BID",
        "id": "50161"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002461"
      },
      {
        "db": "PACKETSTORM",
        "id": "105765"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-331"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3254"
      }
    ]
  },
  "id": "VAR-201110-0319",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51199"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:16:12.729000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT4999",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4999"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002461"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51199"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002461"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3254"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://support.apple.com/kb/ht4999"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2011//oct/msg00001.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3254"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu177979"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3254"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/46377"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ios/"
      },
      {
        "trust": 0.1,
        "url": "https://www.trapkit.de"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46377/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.nsense.fi/advisories/nsense_2011_006.txt"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46377"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/46377/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-51199"
      },
      {
        "db": "BID",
        "id": "50161"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002461"
      },
      {
        "db": "PACKETSTORM",
        "id": "105765"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-331"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3254"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-51199"
      },
      {
        "db": "BID",
        "id": "50161"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002461"
      },
      {
        "db": "PACKETSTORM",
        "id": "105765"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-331"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3254"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-10-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-51199"
      },
      {
        "date": "2011-10-12T00:00:00",
        "db": "BID",
        "id": "50161"
      },
      {
        "date": "2011-10-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-002461"
      },
      {
        "date": "2011-10-13T09:15:38",
        "db": "PACKETSTORM",
        "id": "105765"
      },
      {
        "date": "2011-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201110-331"
      },
      {
        "date": "2011-10-14T10:55:09.933000",
        "db": "NVD",
        "id": "CVE-2011-3254"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-10-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-51199"
      },
      {
        "date": "2011-10-12T00:00:00",
        "db": "BID",
        "id": "50161"
      },
      {
        "date": "2011-10-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-002461"
      },
      {
        "date": "2011-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201110-331"
      },
      {
        "date": "2024-11-21T01:30:06.947000",
        "db": "NVD",
        "id": "CVE-2011-3254"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-331"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iOS Calendar cross-site scripting vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002461"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-331"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-331"
      }
    ],
    "trust": 0.6
  }
}

CERTA-2011-AVI-567

Vulnerability from certfr_avis

De nombreuses vulnérabilités ont été corrigées dans Apple iOS pour iPhone, iPad et iPod touch dont certaines permettent une exécution de code arbitraire à distance.

Description

De nombreuses vulnérabilités ont été corrigées dans Apple iOS pour iPhone, iPad et iPod touch. Certaines permettent à une personne malintentionnée d'exécuter du code arbitraire à distance ou de récupérer le mot de passe du compte «Apple ID» utilisé. Les composants suivants ont été mise à jour :

CalDAV ;
Calendar ;
CFNetwork ;
CoreFoundation ;
CoreGraphics ;
CoreMedia ;
ImageIO ;
International Components for Unicode ;
Kernel ;
Keyboards ;
libxml ;
OfficeImport ;
Safari ;
Settings ;
UIKit ;
WebKit ;
WiFi.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	iPod touch avec iOS versions 4.3.5 et antérieures.
Apple	N/A	iPhone 4 et 3GS avec iOS versions 4.3.5 et antérieures ;
Apple	N/A	iPad avec iOS versions 4.3.5 et antérieures ;

References

Title

Publication Time

fkie_cve-2011-3254

Vulnerability from fkie_nvd

Published

2011-10-14 10:55

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note.

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html	Vendor Advisory
product-security@apple.com	http://support.apple.com/kb/HT4999	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4999	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	iphone_os	4.2
apple	iphone_os	4.2.1
apple	iphone_os	4.2.5
apple	iphone_os	4.2.8
apple	iphone_os	4.2.9
apple	iphone_os	4.3.0
apple	iphone_os	4.3.1
apple	iphone_os	4.3.2
apple	iphone_os	4.3.3
apple	iphone_os	4.3.4
apple	iphone_os	4.3.5
apple	iphone_os	4.3.5
apple	iphone_os	4.3.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1878949F-8E15-4751-8D8A-BFB2B9B9254A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A54A8681-2D8A-4B0B-A947-82F3CE1FB03C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0070D83-2E27-4DA8-8D10-A6A697216F36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C9ACA63-4528-4090-B1EA-1FE57A6B0555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D78F7B3E-397F-480D-8B07-A9B0C4A789E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7252935C-E421-4339-B61F-0299E28888DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DD342BF-096A-4082-B700-19629F2BDE87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "93141AB6-26F2-4C6D-95B3-D383EABB4034",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D5C61FF-7CD3-410A-94F2-5DE701466B1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF21ABCB-7CAC-467F-A6B6-06AC2E5CB5EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "28A01C87-B02A-4239-8340-B396D0E6B21C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.3.5:-:ipad:*:*:*:*:*",
              "matchCriteriaId": "396634C5-774C-4131-B927-3CAD239EF0B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.3.5:-:ipodtouch:*:*:*:*:*",
              "matchCriteriaId": "64FF0F29-B3C2-4BDC-89FF-DBEDE87D64A4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzadas (XSS) en Caledar de Apple iOS antes de v5 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de una nota de invitaci\u00f3n."
    }
  ],
  "id": "CVE-2011-3254",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-10-14T10:55:09.933",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4999"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-5wv5-fjr2-cm75

Vulnerability from github

Published

2022-05-17 05:37

Modified

2022-05-17 05:37

Details

Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-3254"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-10-14T10:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note.",
  "id": "GHSA-5wv5-fjr2-cm75",
  "modified": "2022-05-17T05:37:45Z",
  "published": "2022-05-17T05:37:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3254"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4999"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2011-3254

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note.

Aliases

CVE-2011-3254

Aliases

CVE-2011-3254

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-3254",
    "description": "Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note.",
    "id": "GSD-2011-3254"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-3254"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note.",
      "id": "GSD-2011-3254",
      "modified": "2023-12-13T01:19:09.818871Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2011-3254",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "APPLE-SA-2011-10-12-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
          },
          {
            "name": "http://support.apple.com/kb/HT4999",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT4999"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.2.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.5:-:ipad:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.5:-:ipodtouch:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2011-3254"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2011-10-12-1",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
            },
            {
              "name": "http://support.apple.com/kb/HT4999",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT4999"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2011-10-14T10:55Z",
      "publishedDate": "2011-10-14T10:55Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2011-3254 (GCVE-0-2011-3254)

Vulnerability from cvelistv5

var-201110-0319

Vulnerability from variot

CERTA-2011-AVI-567

Vulnerability from certfr_avis

Description

Solution

fkie_cve-2011-3254

Vulnerability from fkie_nvd

ghsa-5wv5-fjr2-cm75

Vulnerability from github

gsd-2011-3254

Vulnerability from gsd

Tags

Sightings

Nomenclature