Vulnerability Name: CVE-2008-4232 (CCN-46763)
Assigned: 2008-11-21
Published: 2008-11-21
Updated: 2022-08-09
Summary: Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document.
CVSS v3 Severity:
  4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2 Severity:
  5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
  4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
  3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Other
References:
  Source: MITRE Type: CNA CVE-2008-4232
  Source: APPLE Type: Vendor Advisory APPLE-SA-2008-11-20
  Source: OSVDB Type: UNKNOWN 50029
  Source: CCN Type: SA32756 Apple iPhone / iPod touch Multiple Vulnerabilities
  Source: SECUNIA Type: UNKNOWN 32756
  Source: CCN Type: SECTRACK ID: 1021272 Apple iPhone Safari Bugs Let Remote Users Spoof the Interface and Execute Arbitrary Code
  Source: CCN Type: Apple Web site About the security content of iPhone OS 2.2 and iPhone OS for iPod touch 2.2
  Source: CONFIRM Type: Vendor Advisory http://support.apple.com/kb/HT3318
  Source: CCN Type: OSVDB ID: 50029 Apple Safari on iPhone / iPod Touch iframe Element XSS
  Source: BID Type: UNKNOWN 32394
  Source: CCN Type: BID-32394 Apple iPhone and iPod touch Prior to Version 2.2 Multiple Vulnerabilities
  Source: SECTRACK Type: UNKNOWN 1021272
  Source: VUPEN Type: UNKNOWN ADV-2008-3232
  Source: XF Type: UNKNOWN apple-iphone-safari-iframe-spoofing(46763)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: