Denial of Service Vulnerability in Palm Pre WebOS 1.1 by Palm
CVE-2009-5098

Currently unrated

Key Information:

Vendor

HP
Status
Palm Pre Webos
Vendor
CVE Published:
13 September 2011

What is CVE-2009-5098?

A vulnerability has been identified in the LunaSysMgr process of Palm Pre WebOS 1.1 and earlier versions that can be exploited by remote attackers to cause a denial of service. This occurs when the device is not displaying web pages in landscape mode. An attacker can leverage this vulnerability by sending a specially crafted web page containing a long string after a refresh tag, which triggers a floating point exception and leads to the crashing of the application.

References

http://www.securityfocus.com/archive/1/507126/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/so...
x_refsource_CONFIRM
http://tlhsecurity.blogspot.com/2009/10/palm-pre-webos-ve...
x_refsource_MISC

EPSS Score

24% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.