← Back

CVE-2008-1589

nvd nist
Published: Jul 14, 2008Modified: Apr 23, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites.

Affected (1)

Products: Apple: Safari
Apple
1 product
Safari
Configuration A
1 vulnerable · 13 platform
Vulnerable SoftwareAffected Versions
Safari
All versions
Running on/withPlatform Versions
Apple
Iphone
Version 1.02
Apple
Iphone
Version 1.0
Apple
Iphone
Version 1.1.3
Apple
Iphone
Version 1.1.4
Apple
Iphone Os
Version 1.0.1
Apple
Iphone Os
Version 1.0.2
Apple
Iphone Os
Version 1.1.1
Apple
Iphone Os
Version 1.1.2
Apple
Ipod Touch
Version 1.1.1
Apple
Ipod Touch
Version 1.1.2
Apple
Ipod Touch
Version 1.1.3
Apple
Ipod Touch
Version 1.1.4
Apple
Ipod Touch
Version 1.1

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (14)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.