cnvd - cnvd-2016-10587

cnvd-2016-10587

Vulnerability from cnvd

Title: WebKit信息泄露漏洞（CNVD-2016-10587）

Description:

WebKit是KDE、苹果（Apple）、谷歌（Google）等公司共同开发的一套开源Web浏览器引擎，目前被Apple Safari及Google Chrome等浏览器使用。

WebKit存在信息泄露漏洞，攻击者可利用漏洞获取敏感信息。

Severity: 中

Patch Name: WebKit信息泄露漏洞（CNVD-2016-10587）的补丁

Patch Description:

WebKit是KDE、苹果（Apple）、谷歌（Google）等公司共同开发的一套开源Web浏览器引擎，目前被Apple Safari及Google Chrome等浏览器使用。

WebKit存在信息泄露漏洞，攻击者可利用漏洞获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://prod.lists.apple.com/archives/security-announce/2016/Oct/msg00006.html http://prod.lists.apple.com/archives/security-announce/2016/Oct/msg00007.html

Reference: http://www.securityfocus.com/bid/93949

Impacted products

Name
['WebKit Open Source Project WebKit 0', 'Apple iTunes 10.6', 'Apple iTunes 10', 'Apple iTunes 10.1', 'Apple iTunes 10.2', 'Apple iTunes 10.2.2', 'Apple iTunes 10.5', 'Apple iTunes 10.5.1']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "93949"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-4613"
    }
  },
  "description": "WebKit\u662fKDE\u3001\u82f9\u679c\uff08Apple\uff09\u3001\u8c37\u6b4c\uff08Google\uff09\u7b49\u516c\u53f8\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u5f00\u6e90Web\u6d4f\u89c8\u5668\u5f15\u64ce\uff0c\u76ee\u524d\u88abApple Safari\u53caGoogle Chrome\u7b49\u6d4f\u89c8\u5668\u4f7f\u7528\u3002 \r\n\r\nWebKit\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Apple",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://prod.lists.apple.com/archives/security-announce/2016/Oct/msg00006.html\r\nhttp://prod.lists.apple.com/archives/security-announce/2016/Oct/msg00007.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-10587",
  "openTime": "2016-11-03",
  "patchDescription": "WebKit\u662fKDE\u3001\u82f9\u679c\uff08Apple\uff09\u3001\u8c37\u6b4c\uff08Google\uff09\u7b49\u516c\u53f8\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u5f00\u6e90Web\u6d4f\u89c8\u5668\u5f15\u64ce\uff0c\u76ee\u524d\u88abApple Safari\u53caGoogle Chrome\u7b49\u6d4f\u89c8\u5668\u4f7f\u7528\u3002 \r\n\r\nWebKit\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "WebKit\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2016-10587\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "WebKit Open Source Project WebKit 0",
      "Apple iTunes 10.6",
      "Apple iTunes 10",
      "Apple iTunes 10.1",
      "Apple iTunes 10.2",
      "Apple iTunes 10.2.2",
      "Apple iTunes 10.5",
      "Apple iTunes 10.5.1"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/93949",
  "serverity": "\u4e2d",
  "submitTime": "2016-11-03",
  "title": "WebKit\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2016-10587\uff09"
}

CVE-2016-4613 (GCVE-0-2016-4613)

Vulnerability from cvelistv5

Published

2017-02-20 08:35

Modified

2024-08-06 00:32

Severity ?

CWE

Summary

An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web site.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/93949	vdb-entry, x_refsource_BID
	https://support.apple.com/HT207273	x_refsource_CONFIRM
	https://support.apple.com/HT207270	x_refsource_CONFIRM
	https://support.apple.com/HT207274	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1037139	vdb-entry, x_refsource_SECTRACK
	https://support.apple.com/HT207272	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:32:25.863Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "93949",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93949"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT207273"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT207270"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT207274"
          },
          {
            "name": "1037139",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037139"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT207272"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-02-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to obtain sensitive information via a crafted web site."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T09:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "name": "93949",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93949"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT207273"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT207270"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT207274"
        },
        {
          "name": "1037139",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037139"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT207272"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2016-4613",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to obtain sensitive information via a crafted web site."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "93949",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93949"
            },
            {
              "name": "https://support.apple.com/HT207273",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT207273"
            },
            {
              "name": "https://support.apple.com/HT207270",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT207270"
            },
            {
              "name": "https://support.apple.com/HT207274",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT207274"
            },
            {
              "name": "1037139",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037139"
            },
            {
              "name": "https://support.apple.com/HT207272",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT207272"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2016-4613",
    "datePublished": "2017-02-20T08:35:00",
    "dateReserved": "2016-05-11T00:00:00",
    "dateUpdated": "2024-08-06T00:32:25.863Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted