CVE-2009-0958

Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials.

Published: Jun 19, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-0958
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
apple / iphone_os	1.0.0	1.0.0.x
apple / iphone_os	1.0.1	1.0.1.x
apple / iphone_os	1.0.2	1.0.2.x
apple / iphone_os	1.1.0	1.1.0.x
apple / iphone_os	1.1.1	1.1.1.x
apple / iphone_os	1.1.2	1.1.2.x
apple / iphone_os	1.1.3	1.1.3.x
apple / iphone_os	1.1.4	1.1.4.x
apple / iphone_os	1.1.5	1.1.5.x
apple / iphone_os	2.0	2.0.x
apple / iphone_os	2.0.0	2.0.0.x
apple / iphone_os	2.0.1	2.0.1.x
apple / iphone_os	2.0.2	2.0.2.x
apple / iphone_os	2.1	2.1.x
apple / iphone_os	2.1.1	2.1.1.x
apple / iphone_os	2.2	2.2.x
apple / iphone_os	2.2.1	2.2.1.x
apple / iphone_os	-	-
apple / ipod_touch	-	-

Vulnerability Database

289,697

CVE-2009-0958