cnvd - cnvd-2016-03434

cnvd-2016-03434

Vulnerability from cnvd

Title: Apple OS X El Capitan tcl信息泄露漏洞

Description:

Apple OS X El Capitan是一款苹果设备上的操作系统。

Apple OS X El Capitan TCL存在未明安全漏洞，允许攻击者可利用该漏洞获取敏感信息。

Severity: 中

Patch Name: Apple OS X El Capitan tcl信息泄露漏洞的补丁

Patch Description:

Apple OS X El Capitan是一款苹果设备上的操作系统。

Apple OS X El Capitan TCL存在未明安全漏洞，允许攻击者可利用该漏洞获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://support.apple.com/en-au/HT206567

Reference: https://support.apple.com/en-au/HT206567

Impacted products

Name
Apple OS X <10.11.5

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-1853"
    }
  },
  "description": "Apple OS X El Capitan\u662f\u4e00\u6b3e\u82f9\u679c\u8bbe\u5907\u4e0a\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple OS X El Capitan TCL\u5b58\u5728\u672a\u660e\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "researchers at Tel Aviv University, M\u00fcnster University of Applied Sciences, Ruhr University Bochum, the University of Pennsylvania, the Hashcat project, the University of Michigan, Two Sigma, Google, and the OpenSSL project: Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia K\u00e4sper, Shaanan Cohney, Susanne Engels, Christof Paar, and Yuval Shavitt",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://support.apple.com/en-au/HT206567",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-03434",
  "openTime": "2016-05-24",
  "patchDescription": "Apple OS X El Capitan\u662f\u4e00\u6b3e\u82f9\u679c\u8bbe\u5907\u4e0a\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple OS X El Capitan TCL\u5b58\u5728\u672a\u660e\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple OS X El Capitan tcl\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apple OS X \u003c10.11.5"
  },
  "referenceLink": "https://support.apple.com/en-au/HT206567",
  "serverity": "\u4e2d",
  "submitTime": "2016-05-22",
  "title": "Apple OS X El Capitan tcl\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2016-1853 (GCVE-0-2016-1853)

Vulnerability from cvelistv5

Published

2016-05-20 10:00

Modified

2024-08-05 23:10

Severity ?

CWE

Summary

Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support.

References

▼	URL	Tags
	https://support.apple.com/HT206567	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce/2016/May/msg00004.html	vendor-advisory, x_refsource_APPLE
	http://www.securityfocus.com/bid/90696	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1035895	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:10:39.577Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206567"
          },
          {
            "name": "APPLE-SA-2016-05-16-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html"
          },
          {
            "name": "90696",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/90696"
          },
          {
            "name": "1035895",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035895"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-29T16:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT206567"
        },
        {
          "name": "APPLE-SA-2016-05-16-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html"
        },
        {
          "name": "90696",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/90696"
        },
        {
          "name": "1035895",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035895"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2016-1853",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain sensitive information by leveraging SSLv2 support."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT206567",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT206567"
            },
            {
              "name": "APPLE-SA-2016-05-16-4",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html"
            },
            {
              "name": "90696",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/90696"
            },
            {
              "name": "1035895",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035895"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2016-1853",
    "datePublished": "2016-05-20T10:00:00",
    "dateReserved": "2016-01-13T00:00:00",
    "dateUpdated": "2024-08-05T23:10:39.577Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted