var-201110-0318
Vulnerability from variot
CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate. Apple iOS is prone to an information-disclosure vulnerability that affects the calendar synchronization feature. Attackers can exploit this issue to obtain sensitive information from CalDAV communications. An attacker can exploit this issue through man-in-the-middle attacks by impersonating a trusted server. This may allow the attacker to obtain credentials or other sensitive information or give users a false sense of security. Information harvested may aid in further attacks. NOTE: This issue was previously discussed in BID 50086 (Apple iPhone/iPad/iPod touch Prior to iOS 5 Multiple Vulnerabilities) but has been given its own record to better document it. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA46377
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46377/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46377
RELEASE DATE: 2011-10-14
DISCUSS ADVISORY: http://secunia.com/advisories/46377/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46377/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46377
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people with physical access to disclose certain information and by malicious people to conduct script insertion, cross-site scripting, and spoofing attacks, disclose sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a user's device.
1) An error within the CalDAV component does not properly validate the SSL certificate when synchronizing the calendar, which can be exploited to disclose encrypted information e.g. using a Man-in-the-Middle (MitM) attack.
2) Input passed via invitation notes is not properly sanitised in Calendar before being returned to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious invitation is being viewed.
3) The CFNetwork component stores a user's AppleID password and username in the log file readable by applications, which can be exploited to disclose the credentials.
4) The CFNetwork component does not properly restrict cross-domain access of HTTP cookies, which can be exploited to access the cookies of another web site.
5) An error exists within CoreFoundation when handling string tokenization.
For more information see vulnerability #1 in: SA46339
6) Multiple errors within CoreGraphics when handling the certain freetype fonts can be exploited to corrupt memory.
7) An error within CoreMedia does not properly handle cross-site redirects and can be exploited to disclose video data.
8) An error exits within the Data Access component when handling multiple accounts configured on the same server and can be exploited to disclose the cookie of another account.
9) The application accepts X.509 certificates with MD5 hashes, which could lead to weak cryptographic certificates being used. This can be exploited to disclose encrypted information e.g. using a Man-in-the-Middle (MitM) attack.
10) A design error exists within the implementation of SSL 3.0 and TLS 1.0 protocols.
For more information: SA46168
11) An error within ImageIO when handling CCITT Group 4 encoded TIFF files can be exploited to cause a buffer overflow.
For more information see vulnerability #1 in: SA43593
12) An error in ImageIO within the handling of CCITT Group 4 encoded TIFF image files can be exploited to cause a heap-based buffer overflow.
For more information see vulnerability #9 in: SA45325
13) An error within ICU (International Components for Unicode) can be exploited to cause a buffer overflow.
For more information see vulnerability #11 in: SA45054
14) An error within the kernel does not reclaim memory from incomplete TCP connections, which can be exploited to exhaust system resources by connecting to a listening service and cause the device to reset.
15) A NULL-pointer dereference error within the kernel when handling IPv6 socket options can be exploited to cause the device to reset.
16) An error within libxml can be exploited to cause a heap-based buffer overflow.
For more information see vulnerability #12 in: SA45325
17) An error within OfficeImport when viewing certain Microsoft Word files can be exploited to cause a buffer overflow.
18) An error within OfficeImport when viewing certain Microsoft Excel files can be exploited to cause a buffer overflow.
19) An indexing error exists in the OfficeImport framework when processing certain records in a Microsoft Word file.
For more information see vulnerability #19 in: SA45054
20) An error in the OfficeImport framework when processing records can be exploited to corrupt memory.
For more information see vulnerability #28 in: SA43814
21) An error within Safari does not properly handle the "attachment" HTTP Content-Disposition header and can be exploited to conduct cross-site scripting attacks.
22) The parental restrictions feature stores the restrictions passcode in plaintext on disk and can be exploited to disclose the passcode.
23) An error within UIKit does not properly handle "tel:" URIs and can be exploited to cause the device to hang by tricking the user into visiting a malicious website.
24) Some vulnerabilities are caused due to a bundled vulnerable version of WebKit.
For more information: SA43519 SA43683 SA43696 SA43859 SA45097 SA45325 SA45325 SA45498 SA45498 SA46339 SA46412
25) The WiFi credentials are stored in a file readable by other applications, which may lead to the credentials being disclosed.
Successful exploitation of vulnerabilities #6, #16 \x96 #20, and #24 may allow execution of arbitrary code.
SOLUTION: Apply iOS 5 Software Update.
PROVIDED AND/OR DISCOVERED BY: 1) Leszek Tasiemski, nSense. 6, 9) Reported by the vendor.
The vendor credits: 2) Rick Deacon 3) Peter Quade, qdevelop 4) Erling Ellingsen, Facebook. 7) Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR) 8) Bob Sielken, IBM 14) Wouter van der Veer, Topicus and Josh Enders 15) Thomas Clement, Intego 17) Tobias Klein via iDefense. 18) Tobias Klein, www.trapkit.de 21) Christian Matthies via iDefense and Yoshinori Oota, Business Architects via JP/CERT. 22) An anonymous person 23) Simon Young, Anglia Ruskin University 25) Laurent OUDOT, TEHTRI Security
ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4999
nSense: http://www.nsense.fi/advisories/nsense_2011_006.txt
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. nSense Vulnerability Research Security Advisory NSENSE-2011-006 --------------------------------------------------------------- t2'11 infosec conference special release http://www.t2.fi ---------------------------------------------------------------
Affected Vendor: Apple Inc.
Affected Product: CalDAV (iOS 3.0 through 4.3.5 for iPhone 3GS
and iPhone 4, iOS 3.1 through 4.3.5 for iPod
touch (3rd generation) and later, iOS 3.2
through 4.3.5 for iPad)
Platform: iOS
Impact: Sensitive information interception
Vendor response: New version released
CVE: CVE-2011-3253
Credit: Leszek / nSense
Release date: 12 Oct 2011
Technical details
---------------------------------------------------------------
The calendar synchronization feature of iOS fails to validate
the SSL certificate provided by the server. Therefore, CalDAV
communication can be intercepted by a basic man in the middle
attack. As every request contains a HTTP basic authentication
header, which contains base64-encoded credentials, it is
possible to intercept email account credentials by an attacker
that is suitably positioned (e.g. the same LAN, WLAN) or is
able to tamper with DNS records pointing to the CalDAV server.
The application accepts the untrusted certificate without any
warning or prompt, so the attack will go unnoticed by the user.
Timeline:
20110407 nSense informed the vendor about the vulnerability
20110409 Vendor started to investigate the issue
20110415 nSense sent a status update request to the vendor
20110415 Vendor provided a status update
20110420 nSense asked the vendor for further information
20110502 nSense resent the previous questions
20110502 Vendor confirmed the vulnerability
20110525 nSense asked the vendor about the patch schedule
20110527 Vendor responded
20110527 nSense asked the vendor for further information
20110531 Vendor responded, unable to provide a date
20110601 nSense asked the vendor for clarification
20110603 Vendor responded
20110603 nSense resent the previous question
20110607 nSense commented the issue, asked the vendor for
clarification
20110705 nSense asked the vendor for clarification
20110726 nSense asked the vendor whether 4.3.5 fixed the
issue
20110727 Vendor responded. Issue not fixed.
20110728 nSense asked the vendor for further details
20110917 Vendor asked for credit information
20110917 nSense responded
20111002 Vendor confirmed release date
20111012 Vendor releases fixed version of the software
20111012 Vendor releases public advisory
Solution:
Apple security updates are available via the Software Update
mechanism: http://support.apple.com/kb/HT1338
Apple security updates are also available for manual download
via: http://www.apple.com/support/downloads/
More information from Apple Inc.:
http://support.apple.com/kb/HT1222
Links:
http://www.nsense.fi http://www.nsense.dk
$$s$$$$s. ,s$$$$s ,S$$$$$s. $$s$$$$s. ,s$$$$s ,S$$$$$s.
$$$ `$$$ ($$( $$$ `$$$ $$$ `$$$ ($$( $$$ `$$$
$$$ $$$ `^$$s. $$$$$$$$$ $$$ $$$ `^$$s. $$$$$$$$$
$$$ $$$ )$$) $$$ $$$ $$$ )$$) $$$
$$$ $$$ ^$$$$$$7 `7$$$$$P $$$ $$$ ^$$$$$$7 `7$$$$$P
D r i v e n b y t h e c h a l l e n g e _
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201110-0318",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "3.0"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "3.1.3"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "3.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "3.1.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.3.0"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.0"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "3.0 to 4.3.5 (iphone 3gs and iphone 4)"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "3.1 to 4.3.5 (ipod touch (3rd generation) after )"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "3.2 to 4.3.5 (ipad for )"
},
{
"model": "ipad",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "iphone",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "ipod touch",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "5"
}
],
"sources": [
{
"db": "BID",
"id": "50149"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002462"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-330"
},
{
"db": "NVD",
"id": "CVE-2011-3253"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:apple:ipad",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:apple:iphone",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:apple:ipod_touch",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002462"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Leszek Tasiemski of nSense",
"sources": [
{
"db": "BID",
"id": "50149"
}
],
"trust": 0.3
},
"cve": "CVE-2011-3253",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CVE-2011-3253",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-51198",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-3253",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2011-3253",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-201110-330",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-51198",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-51198"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002462"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-330"
},
{
"db": "NVD",
"id": "CVE-2011-3253"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate. Apple iOS is prone to an information-disclosure vulnerability that affects the calendar synchronization feature. \nAttackers can exploit this issue to obtain sensitive information from CalDAV communications. \nAn attacker can exploit this issue through man-in-the-middle attacks by impersonating a trusted server. This may allow the attacker to obtain credentials or other sensitive information or give users a false sense of security. Information harvested may aid in further attacks. \nNOTE: This issue was previously discussed in BID 50086 (Apple iPhone/iPad/iPod touch Prior to iOS 5 Multiple Vulnerabilities) but has been given its own record to better document it. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nApple iOS Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA46377\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46377/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46377\n\nRELEASE DATE:\n2011-10-14\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46377/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46377/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46377\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Apple iOS, which can\nbe exploited by malicious people with physical access to disclose\ncertain information and by malicious people to conduct script\ninsertion, cross-site scripting, and spoofing attacks, disclose\nsensitive information, bypass certain security restrictions, cause a\nDoS (Denial of Service), and compromise a user\u0027s device. \n\n1) An error within the CalDAV component does not properly validate\nthe SSL certificate when synchronizing the calendar, which can be\nexploited to disclose encrypted information e.g. using a\nMan-in-the-Middle (MitM) attack. \n\n2) Input passed via invitation notes is not properly sanitised in\nCalendar before being returned to the user. This can be exploited to\ninsert arbitrary HTML and script code, which will be executed in a\nuser\u0027s browser session in context of an affected site when the\nmalicious invitation is being viewed. \n\n3) The CFNetwork component stores a user\u0027s AppleID password and\nusername in the log file readable by applications, which can be\nexploited to disclose the credentials. \n\n4) The CFNetwork component does not properly restrict cross-domain\naccess of HTTP cookies, which can be exploited to access the cookies\nof another web site. \n\n5) An error exists within CoreFoundation when handling string\ntokenization. \n\nFor more information see vulnerability #1 in:\nSA46339\n\n6) Multiple errors within CoreGraphics when handling the certain\nfreetype fonts can be exploited to corrupt memory. \n\n7) An error within CoreMedia does not properly handle cross-site\nredirects and can be exploited to disclose video data. \n\n8) An error exits within the Data Access component when handling\nmultiple accounts configured on the same server and can be exploited\nto disclose the cookie of another account. \n\n9) The application accepts X.509 certificates with MD5 hashes, which\ncould lead to weak cryptographic certificates being used. This can be\nexploited to disclose encrypted information e.g. using a\nMan-in-the-Middle (MitM) attack. \n\n10) A design error exists within the implementation of SSL 3.0 and\nTLS 1.0 protocols. \n\nFor more information:\nSA46168\n\n11) An error within ImageIO when handling CCITT Group 4 encoded TIFF\nfiles can be exploited to cause a buffer overflow. \n\nFor more information see vulnerability #1 in:\nSA43593\n\n12) An error in ImageIO within the handling of CCITT Group 4 encoded\nTIFF image files can be exploited to cause a heap-based buffer\noverflow. \n\nFor more information see vulnerability #9 in:\nSA45325\n\n13) An error within ICU (International Components for Unicode) can be\nexploited to cause a buffer overflow. \n\nFor more information see vulnerability #11 in:\nSA45054\n\n14) An error within the kernel does not reclaim memory from\nincomplete TCP connections, which can be exploited to exhaust system\nresources by connecting to a listening service and cause the device\nto reset. \n\n15) A NULL-pointer dereference error within the kernel when handling\nIPv6 socket options can be exploited to cause the device to reset. \n\n16) An error within libxml can be exploited to cause a heap-based\nbuffer overflow. \n\nFor more information see vulnerability #12 in:\nSA45325\n\n17) An error within OfficeImport when viewing certain Microsoft Word\nfiles can be exploited to cause a buffer overflow. \n\n18) An error within OfficeImport when viewing certain Microsoft Excel\nfiles can be exploited to cause a buffer overflow. \n\n19) An indexing error exists in the OfficeImport framework when\nprocessing certain records in a Microsoft Word file. \n\nFor more information see vulnerability #19 in:\nSA45054\n\n20) An error in the OfficeImport framework when processing records\ncan be exploited to corrupt memory. \n\nFor more information see vulnerability #28 in:\nSA43814\n\n21) An error within Safari does not properly handle the \"attachment\"\nHTTP Content-Disposition header and can be exploited to conduct\ncross-site scripting attacks. \n\n22) The parental restrictions feature stores the restrictions\npasscode in plaintext on disk and can be exploited to disclose the\npasscode. \n\n23) An error within UIKit does not properly handle \"tel:\" URIs and\ncan be exploited to cause the device to hang by tricking the user\ninto visiting a malicious website. \n\n24) Some vulnerabilities are caused due to a bundled vulnerable\nversion of WebKit. \n\nFor more information:\nSA43519\nSA43683\nSA43696\nSA43859\nSA45097\nSA45325\nSA45325\nSA45498\nSA45498\nSA46339\nSA46412\n\n25) The WiFi credentials are stored in a file readable by other\napplications, which may lead to the credentials being disclosed. \n\nSuccessful exploitation of vulnerabilities #6, #16 \\x96 #20, and #24 may\nallow execution of arbitrary code. \n\nSOLUTION:\nApply iOS 5 Software Update. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Leszek Tasiemski, nSense. \n6, 9) Reported by the vendor. \n\nThe vendor credits:\n2) Rick Deacon\n3) Peter Quade, qdevelop\n4) Erling Ellingsen, Facebook. \n7) Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR)\n8) Bob Sielken, IBM\n14) Wouter van der Veer, Topicus and Josh Enders\n15) Thomas Clement, Intego\n17) Tobias Klein via iDefense. \n18) Tobias Klein, www.trapkit.de\n21) Christian Matthies via iDefense and Yoshinori Oota, Business\nArchitects via JP/CERT. \n22) An anonymous person\n23) Simon Young, Anglia Ruskin University\n25) Laurent OUDOT, TEHTRI Security\n\nORIGINAL ADVISORY:\nApple:\nhttp://support.apple.com/kb/HT4999\n\nnSense:\nhttp://www.nsense.fi/advisories/nsense_2011_006.txt\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. nSense Vulnerability Research Security Advisory NSENSE-2011-006\n ---------------------------------------------------------------\n t2\u002711 infosec conference special release\n http://www.t2.fi\n ---------------------------------------------------------------\n\n Affected Vendor: Apple Inc. \n Affected Product: CalDAV (iOS 3.0 through 4.3.5 for iPhone 3GS\n and iPhone 4, iOS 3.1 through 4.3.5 for iPod\n touch (3rd generation) and later, iOS 3.2\n through 4.3.5 for iPad)\n Platform: iOS\n Impact: Sensitive information interception\n Vendor response: New version released\n CVE: CVE-2011-3253\n Credit: Leszek / nSense\n Release date: 12 Oct 2011\n\n Technical details\n ---------------------------------------------------------------\n The calendar synchronization feature of iOS fails to validate\n the SSL certificate provided by the server. Therefore, CalDAV\n communication can be intercepted by a basic man in the middle\n attack. As every request contains a HTTP basic authentication\n header, which contains base64-encoded credentials, it is\n possible to intercept email account credentials by an attacker\n that is suitably positioned (e.g. the same LAN, WLAN) or is\n able to tamper with DNS records pointing to the CalDAV server. \n\t\n The application accepts the untrusted certificate without any\n warning or prompt, so the attack will go unnoticed by the user. \n\n Timeline:\n 20110407 nSense informed the vendor about the vulnerability\n 20110409 Vendor started to investigate the issue\n 20110415 nSense sent a status update request to the vendor\n 20110415 Vendor provided a status update\n 20110420 nSense asked the vendor for further information\n 20110502 nSense resent the previous questions\n 20110502 Vendor confirmed the vulnerability\n 20110525 nSense asked the vendor about the patch schedule\n 20110527 Vendor responded\n 20110527 nSense asked the vendor for further information\n 20110531 Vendor responded, unable to provide a date\n 20110601 nSense asked the vendor for clarification\n 20110603 Vendor responded\n 20110603 nSense resent the previous question\n 20110607 nSense commented the issue, asked the vendor for\n clarification\n 20110705 nSense asked the vendor for clarification\n 20110726 nSense asked the vendor whether 4.3.5 fixed the\n issue\n 20110727 Vendor responded. Issue not fixed. \n 20110728 nSense asked the vendor for further details\n 20110917 Vendor asked for credit information\n 20110917 nSense responded\n 20111002 Vendor confirmed release date\n 20111012 Vendor releases fixed version of the software\n 20111012 Vendor releases public advisory\n\n\t\n Solution:\n Apple security updates are available via the Software Update\n mechanism: http://support.apple.com/kb/HT1338\n\t\n Apple security updates are also available for manual download\n via: http://www.apple.com/support/downloads/\n\n More information from Apple Inc.:\n http://support.apple.com/kb/HT1222\n\t\n Links:\n http://www.nsense.fi http://www.nsense.dk\n\n\n\n $$s$$$$s. ,s$$$$s ,S$$$$$s. $$s$$$$s. ,s$$$$s ,S$$$$$s. \n $$$ `$$$ ($$( $$$ `$$$ $$$ `$$$ ($$( $$$ `$$$\n $$$ $$$ `^$$s. $$$$$$$$$ $$$ $$$ `^$$s. $$$$$$$$$\n $$$ $$$ )$$) $$$ $$$ $$$ )$$) $$$\n $$$ $$$ ^$$$$$$7 `7$$$$$P $$$ $$$ ^$$$$$$7 `7$$$$$P\n\n D r i v e n b y t h e c h a l l e n g e _\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3253"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002462"
},
{
"db": "BID",
"id": "50149"
},
{
"db": "VULHUB",
"id": "VHN-51198"
},
{
"db": "PACKETSTORM",
"id": "105765"
},
{
"db": "PACKETSTORM",
"id": "105751"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-51198",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-51198"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-3253",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002462",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201110-330",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "46377",
"trust": 0.7
},
{
"db": "APPLE",
"id": "APPLE-SA-2011-10-12-1",
"trust": 0.6
},
{
"db": "BID",
"id": "50149",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "105751",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-51198",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "105765",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-51198"
},
{
"db": "BID",
"id": "50149"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002462"
},
{
"db": "PACKETSTORM",
"id": "105765"
},
{
"db": "PACKETSTORM",
"id": "105751"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-330"
},
{
"db": "NVD",
"id": "CVE-2011-3253"
}
]
},
"id": "VAR-201110-0318",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-51198"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:54:13.637000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT4999",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4999"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002462"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-51198"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002462"
},
{
"db": "NVD",
"id": "CVE-2011-3253"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht4999"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2011//oct/msg00001.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3253"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu177979"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3253"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/46377"
},
{
"trust": 0.3,
"url": "http://seclists.org/fulldisclosure/2011/oct/544"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ios/"
},
{
"trust": 0.1,
"url": "https://www.trapkit.de"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46377/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://www.nsense.fi/advisories/nsense_2011_006.txt"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46377"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46377/"
},
{
"trust": 0.1,
"url": "http://www.t2.fi"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.nsense.dk"
},
{
"trust": 0.1,
"url": "http://www.nsense.fi"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3253"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1338"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-51198"
},
{
"db": "BID",
"id": "50149"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002462"
},
{
"db": "PACKETSTORM",
"id": "105765"
},
{
"db": "PACKETSTORM",
"id": "105751"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-330"
},
{
"db": "NVD",
"id": "CVE-2011-3253"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-51198"
},
{
"db": "BID",
"id": "50149"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002462"
},
{
"db": "PACKETSTORM",
"id": "105765"
},
{
"db": "PACKETSTORM",
"id": "105751"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-330"
},
{
"db": "NVD",
"id": "CVE-2011-3253"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-10-14T00:00:00",
"db": "VULHUB",
"id": "VHN-51198"
},
{
"date": "2011-10-12T00:00:00",
"db": "BID",
"id": "50149"
},
{
"date": "2011-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002462"
},
{
"date": "2011-10-13T09:15:38",
"db": "PACKETSTORM",
"id": "105765"
},
{
"date": "2011-10-13T03:07:54",
"db": "PACKETSTORM",
"id": "105751"
},
{
"date": "2011-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201110-330"
},
{
"date": "2011-10-14T10:55:09.887000",
"db": "NVD",
"id": "CVE-2011-3253"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-10-14T00:00:00",
"db": "VULHUB",
"id": "VHN-51198"
},
{
"date": "2011-10-12T00:00:00",
"db": "BID",
"id": "50149"
},
{
"date": "2011-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002462"
},
{
"date": "2011-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201110-330"
},
{
"date": "2024-11-21T01:30:06.823000",
"db": "NVD",
"id": "CVE-2011-3253"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201110-330"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple iOS of CalDAV Vulnerability in which important information is obtained",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002462"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201110-330"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.