cvelistv5 - cve-2017-13864

CVE-2017-13864 (GCVE-0-2017-13864)

Vulnerability from cvelistv5

Published

2017-12-25 21:00

Modified

2024-08-05 19:13

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

fkie_cve-2017-13864

Vulnerability from fkie_nvd

Published

2017-12-25 21:29

Modified

2025-04-20 01:37

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
product-security@apple.com	http://www.securityfocus.com/bid/102192	Third Party Advisory, VDB Entry
product-security@apple.com	http://www.securitytracker.com/id/1040013	Third Party Advisory, VDB Entry
product-security@apple.com	https://support.apple.com/HT208326	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT208328	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102192	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040013	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT208326	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT208328	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	icloud	*
apple	itunes	*
microsoft	windows	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "38F90EA2-2903-4BF7-9E5E-405CBD84A835",
              "versionEndExcluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D18B3810-D8DC-4A49-82B5-6819B9BE22AE",
              "versionEndExcluding": "12.7.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the \"APNs Server\" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iCloud anteriores a la 7.2 en Windows y las versiones de iTunes anteriores a la 12.7.2 en Windows. El problema afecta al componente \"APNs Server\". Permite que atacantes de Man-in-the-Middle (MitM) rastreen usuarios aprovechando la gesti\u00f3n incorrecta de certificados de cliente."
    }
  ],
  "id": "CVE-2017-13864",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-12-25T21:29:14.217",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102192"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040013"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT208326"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT208328"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102192"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040013"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT208326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT208328"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

De multiples vulnérabilités ont été découvertes dans les produits Apple . Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Micrologiciels de AirPort Base Station versions antérieures à 7.7.9
Apple	N/A	Micrologiciels de AirPort Base Station versions antérieures à 7.6.9
Apple	N/A	iOS versions antérieures à 11.2.1
Apple	N/A	tvOS versions antérieures à 11.2.1
Apple	N/A	iCloud pour Windowsversions antérieures à 7.2

References

Title

Publication Time

gsd-2017-13864

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2017-13864

Aliases

CVE-2017-13864

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-13864",
    "description": "An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the \"APNs Server\" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates.",
    "id": "GSD-2017-13864"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-13864"
      ],
      "details": "An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the \"APNs Server\" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates.",
      "id": "GSD-2017-13864",
      "modified": "2023-12-13T01:21:02.081812Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2017-13864",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the \"APNs Server\" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1040013",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1040013"
          },
          {
            "name": "https://support.apple.com/HT208326",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT208326"
          },
          {
            "name": "102192",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/102192"
          },
          {
            "name": "https://support.apple.com/HT208328",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT208328"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.2",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "12.7.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2017-13864"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the \"APNs Server\" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT208328",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT208328"
            },
            {
              "name": "https://support.apple.com/HT208326",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT208326"
            },
            {
              "name": "1040013",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1040013"
            },
            {
              "name": "102192",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/102192"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-12-28T18:10Z",
      "publishedDate": "2017-12-25T21:29Z"
    }
  }
}

ghsa-qcg7-7rrg-78rf

Vulnerability from github

Published

2022-05-14 04:03

Modified

2022-05-14 04:03

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-13864"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-25T21:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the \"APNs Server\" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates.",
  "id": "GHSA-qcg7-7rrg-78rf",
  "modified": "2022-05-14T04:03:16Z",
  "published": "2022-05-14T04:03:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13864"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208326"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208328"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102192"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040013"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

var-201712-0262

Vulnerability from variot

An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the "APNs Server" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates. Apple iCloud/iTunes are prone to a security bypass vulnerability. Attackers can exploit this issue to bypass security restrictions and perform unauthorized actions. Apple iCloud for Windows is a cloud service based on the Windows platform, which supports storage of music, photos, Apps and contacts, etc. A remote attacker could exploit this vulnerability to track users. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2017-12-13-3 iCloud for Windows 7.2

iCloud for Windows 7.2 is now available and addresses the following:

APNs Server Available for: Windows 7 and later Impact: An attacker in a privileged network position can track a user Description: A privacy issue existed in the use of client certificates. This issue was addressed through a revised protocol. CVE-2017-13864: FURIOUSMAC Team of United States Naval Academy

WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7156: an anonymous researcher CVE-2017-7157: an anonymous researcher CVE-2017-13856: Jeonghoon Shin CVE-2017-13870: an anonymous researcher CVE-2017-13866: an anonymous researcher

Installation note:

iCloud for Windows 7.2 may be obtained from: https://support.apple.com/HT204283

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAloxnUIpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEaAFBAA j1labMyPbFVE/pyYnyry4oO7ngi1PbCs0llErrZUYflZ6X2S32WE4y0wT4VPQqxQ Ew4/bzqTCtlcFEt0oeqNFicfuau6ti63+vct+yD7cTPJeA4Gk9U6uPFalmINUOfA X+8z/6L7eONrI4TKBtOMf3B67blOQdFLG3jOIuyHV7v4GWwbLLuZ6meBAhn3Q+K5 MWP79j7UKYJi2qCYOyafyO+WWU1P0h4LSooer4fDkp8jA5c17TylUhWjv4xJvrOD FGerSvQFC+fp+9ehD2UozXN+smQcYKKaHxp2ZIxU+p9KdeXtgW3cZMuU1kMY3A88 QqLLsXKHJF0+y2YMu6/0dZBNNsiATQ42RbCAot7uo1cEgei64jBsxPC2piHqsxSA wU9hjrqPMweRh64oPC8AOlR4NOAndSmUwEEosIibe/++Na8jyMwXYQh3pgilFIY7 6UfO0ZPP4f5ZWDnu0BDMwR8NFwyHn29tJbYqPVJ3/BZ8SrTHfozrJVXJzwmyeyw7 gd3UU6cTu43Z5x2/uenWYZltymptzfV/x1A7TuqpYD5IMjZDZWnBaQ2AkdWDdj3K wTjVzGtk66lo8L+n58eypJNKbgZ+KowEVMNRUh7HjcBeXod6F9u8hyBhkE4vsj63 7bIP0UwSnZ8RFUf+T4xqciQ72grjhlk+3ykt3xs6h4Q= =MPzc -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0262",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "icloud",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.2"
      },
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.7.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "12.6"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "12.3"
      },
      {
        "model": "icloud",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.2   (windows 7 or later )"
      },
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "for windows 12.7.2   (windows 7 or later )"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "12.2.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "12.7.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "12.6.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "12.4.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "12.6.1"
      },
      {
        "model": "esignal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "esignal",
        "version": "6.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.6.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.5.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.5.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.4.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.3.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.3.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.6.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.6.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1.8"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.8"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.7.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.7"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.6"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.72"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.2.20"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.7"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.5.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.5.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.0.163"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.7"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.6.1.7"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.6"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5.1.42"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.4.1.10"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.4.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.4.0.80"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2.2.12"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.1.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10"
      },
      {
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.1"
      },
      {
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.2"
      },
      {
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.1"
      },
      {
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2"
      },
      {
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "itunes",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.7.2"
      },
      {
        "model": "icloud",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "102192"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011449"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-591"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-13864"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:apple:icloud",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:itunes",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011449"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FURIOUSMAC Team of United States Naval Academy",
    "sources": [
      {
        "db": "BID",
        "id": "102192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-591"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-13864",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2017-13864",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-104529",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "id": "CVE-2017-13864",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-13864",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-13864",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201712-591",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-104529",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-104529"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011449"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-591"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-13864"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the \"APNs Server\" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates. Apple iCloud/iTunes are prone to a security bypass vulnerability. \nAttackers can exploit this issue to bypass security restrictions and perform unauthorized actions. Apple iCloud for Windows is a cloud service based on the Windows platform, which supports storage of music, photos, Apps and contacts, etc. A remote attacker could exploit this vulnerability to track users. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-12-13-3 iCloud for Windows 7.2\n\niCloud for Windows 7.2 is now available and addresses the following:\n\nAPNs Server\nAvailable for: Windows 7 and later\nImpact: An attacker in a privileged network position can track a user\nDescription: A privacy issue existed in the use of client\ncertificates. This issue was addressed through a revised protocol. \nCVE-2017-13864: FURIOUSMAC Team of United States Naval Academy\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2017-7156: an anonymous researcher\nCVE-2017-7157: an anonymous researcher\nCVE-2017-13856: Jeonghoon Shin\nCVE-2017-13870: an anonymous researcher\nCVE-2017-13866: an anonymous researcher\n\nInstallation note:\n\niCloud for Windows 7.2 may be obtained from:\nhttps://support.apple.com/HT204283\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAloxnUIpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEaAFBAA\nj1labMyPbFVE/pyYnyry4oO7ngi1PbCs0llErrZUYflZ6X2S32WE4y0wT4VPQqxQ\nEw4/bzqTCtlcFEt0oeqNFicfuau6ti63+vct+yD7cTPJeA4Gk9U6uPFalmINUOfA\nX+8z/6L7eONrI4TKBtOMf3B67blOQdFLG3jOIuyHV7v4GWwbLLuZ6meBAhn3Q+K5\nMWP79j7UKYJi2qCYOyafyO+WWU1P0h4LSooer4fDkp8jA5c17TylUhWjv4xJvrOD\nFGerSvQFC+fp+9ehD2UozXN+smQcYKKaHxp2ZIxU+p9KdeXtgW3cZMuU1kMY3A88\nQqLLsXKHJF0+y2YMu6/0dZBNNsiATQ42RbCAot7uo1cEgei64jBsxPC2piHqsxSA\nwU9hjrqPMweRh64oPC8AOlR4NOAndSmUwEEosIibe/++Na8jyMwXYQh3pgilFIY7\n6UfO0ZPP4f5ZWDnu0BDMwR8NFwyHn29tJbYqPVJ3/BZ8SrTHfozrJVXJzwmyeyw7\ngd3UU6cTu43Z5x2/uenWYZltymptzfV/x1A7TuqpYD5IMjZDZWnBaQ2AkdWDdj3K\nwTjVzGtk66lo8L+n58eypJNKbgZ+KowEVMNRUh7HjcBeXod6F9u8hyBhkE4vsj63\n7bIP0UwSnZ8RFUf+T4xqciQ72grjhlk+3ykt3xs6h4Q=\n=MPzc\n-----END PGP SIGNATURE-----\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-13864"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011449"
      },
      {
        "db": "BID",
        "id": "102192"
      },
      {
        "db": "VULHUB",
        "id": "VHN-104529"
      },
      {
        "db": "PACKETSTORM",
        "id": "145448"
      },
      {
        "db": "PACKETSTORM",
        "id": "145449"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-13864",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "102192",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1040013",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU98418454",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011449",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-591",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "38421",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-104529",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145448",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145449",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-104529"
      },
      {
        "db": "BID",
        "id": "102192"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011449"
      },
      {
        "db": "PACKETSTORM",
        "id": "145448"
      },
      {
        "db": "PACKETSTORM",
        "id": "145449"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-591"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-13864"
      }
    ]
  },
  "id": "VAR-201712-0262",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-104529"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T19:42:03.783000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT201222"
      },
      {
        "title": "HT208328",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT208328"
      },
      {
        "title": "HT208326",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT208326"
      },
      {
        "title": "HT208328",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT208328"
      },
      {
        "title": "HT208326",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT208326"
      },
      {
        "title": "Apple iCloud for Windows  and iTunes for Windows APNs Server Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77149"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011449"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-591"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-104529"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011449"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-13864"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/102192"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht208326"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht208328"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1040013"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13864"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13864"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu98418454/index.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/38421"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-in/ht208326"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/in/icloud/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/itunes/"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-in/ht208328"
      },
      {
        "trust": 0.3,
        "url": "https://lists.apple.com/archives/security-announce/2017/dec/msg00005.html"
      },
      {
        "trust": 0.3,
        "url": "https://lists.apple.com/archives/security-announce/2017/dec/msg00006.html"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13866"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13856"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13870"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7157"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7156"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht204283"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/download/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-104529"
      },
      {
        "db": "BID",
        "id": "102192"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011449"
      },
      {
        "db": "PACKETSTORM",
        "id": "145448"
      },
      {
        "db": "PACKETSTORM",
        "id": "145449"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-591"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-13864"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-104529"
      },
      {
        "db": "BID",
        "id": "102192"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011449"
      },
      {
        "db": "PACKETSTORM",
        "id": "145448"
      },
      {
        "db": "PACKETSTORM",
        "id": "145449"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-591"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-13864"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-104529"
      },
      {
        "date": "2017-12-13T00:00:00",
        "db": "BID",
        "id": "102192"
      },
      {
        "date": "2018-01-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011449"
      },
      {
        "date": "2017-12-16T02:33:33",
        "db": "PACKETSTORM",
        "id": "145448"
      },
      {
        "date": "2017-12-16T03:33:33",
        "db": "PACKETSTORM",
        "id": "145449"
      },
      {
        "date": "2017-12-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-591"
      },
      {
        "date": "2017-12-25T21:29:14.217000",
        "db": "NVD",
        "id": "CVE-2017-13864"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-104529"
      },
      {
        "date": "2017-12-19T21:01:00",
        "db": "BID",
        "id": "102192"
      },
      {
        "date": "2018-01-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011449"
      },
      {
        "date": "2017-12-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-591"
      },
      {
        "date": "2024-11-21T03:11:49.167000",
        "db": "NVD",
        "id": "CVE-2017-13864"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-591"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Windows for  Apple iCloud and  iTunes of  APNs Server component vulnerability in server components",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011449"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-591"
      }
    ],
    "trust": 0.6
  }
}

cnvd-2017-37287

Vulnerability from cnvd

Title

Apple iCloud for Windows和iTunes for Windows APNs Server安全绕过漏洞

Description

Apple iCloud for Windows和iTunes for Windows都是美国苹果（Apple）公司的产品。Apple iCloud for Windows是一款基于Windows平台的云服务，它支持存储音乐、照片、App和联系人等。iTunes for Windows是一套基于Windows平台的媒体播放器应用程序。APNs Server是使用在其中的一个用于消息推送的服务器组件。基于Windows平台的Apple iCloud 7.2之前的版本和iTunes 12.7.2之前的版本中的APNs Server组件中存在安全绕过漏洞。远程攻击者利用该漏洞跟踪用户。

Severity

中

Patch Name

Apple iCloud for Windows和iTunes for Windows APNs Server安全绕过漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.apple.com/en-in/HT208326

Reference

http://seclists.org/fulldisclosure/2017/Dec/53 http://www.securityfocus.com/bid/102192

Impacted products

Name
['Apple iCloud <7.2', 'Apple iTunes <12.7.2']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "102192"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-13864"
    }
  },
  "description": "Apple iCloud for Windows\u548ciTunes for Windows\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iCloud for Windows\u662f\u4e00\u6b3e\u57fa\u4e8eWindows\u5e73\u53f0\u7684\u4e91\u670d\u52a1\uff0c\u5b83\u652f\u6301\u5b58\u50a8\u97f3\u4e50\u3001\u7167\u7247\u3001App\u548c\u8054\u7cfb\u4eba\u7b49\u3002iTunes for Windows\u662f\u4e00\u5957\u57fa\u4e8eWindows\u5e73\u53f0\u7684\u5a92\u4f53\u64ad\u653e\u5668\u5e94\u7528\u7a0b\u5e8f\u3002APNs Server\u662f\u4f7f\u7528\u5728\u5176\u4e2d\u7684\u4e00\u4e2a\u7528\u4e8e\u6d88\u606f\u63a8\u9001\u7684\u670d\u52a1\u5668\u7ec4\u4ef6\u3002\r\n\r\n\u57fa\u4e8eWindows\u5e73\u53f0\u7684Apple iCloud 7.2\u4e4b\u524d\u7684\u7248\u672c\u548ciTunes 12.7.2\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684APNs Server\u7ec4\u4ef6\u4e2d\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u8ddf\u8e2a\u7528\u6237\u3002",
  "discovererName": "FURIOUSMAC Team of United States Naval Academy",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/en-in/HT208326",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-37287",
  "openTime": "2017-12-19",
  "patchDescription": "Apple iCloud for Windows\u548ciTunes for Windows\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iCloud for Windows\u662f\u4e00\u6b3e\u57fa\u4e8eWindows\u5e73\u53f0\u7684\u4e91\u670d\u52a1\uff0c\u5b83\u652f\u6301\u5b58\u50a8\u97f3\u4e50\u3001\u7167\u7247\u3001App\u548c\u8054\u7cfb\u4eba\u7b49\u3002iTunes for Windows\u662f\u4e00\u5957\u57fa\u4e8eWindows\u5e73\u53f0\u7684\u5a92\u4f53\u64ad\u653e\u5668\u5e94\u7528\u7a0b\u5e8f\u3002APNs Server\u662f\u4f7f\u7528\u5728\u5176\u4e2d\u7684\u4e00\u4e2a\u7528\u4e8e\u6d88\u606f\u63a8\u9001\u7684\u670d\u52a1\u5668\u7ec4\u4ef6\u3002\r\n\r\n\u57fa\u4e8eWindows\u5e73\u53f0\u7684Apple iCloud 7.2\u4e4b\u524d\u7684\u7248\u672c\u548ciTunes 12.7.2\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684APNs Server\u7ec4\u4ef6\u4e2d\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u8ddf\u8e2a\u7528\u6237\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple iCloud for Windows\u548ciTunes for Windows APNs Server\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple iCloud \u003c7.2",
      "Apple iTunes \u003c12.7.2"
    ]
  },
  "referenceLink": "http://seclists.org/fulldisclosure/2017/Dec/53\r\nhttp://www.securityfocus.com/bid/102192",
  "serverity": "\u4e2d",
  "submitTime": "2017-12-18",
  "title": "Apple iCloud for Windows\u548ciTunes for Windows APNs Server\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-13864 (GCVE-0-2017-13864)

Vulnerability from cvelistv5

fkie_cve-2017-13864

Vulnerability from fkie_nvd

CERTFR-2017-AVI-469

Vulnerability from certfr_avis

Solution

gsd-2017-13864

Vulnerability from gsd

ghsa-qcg7-7rrg-78rf

Vulnerability from github

var-201712-0262

Vulnerability from variot

cnvd-2017-37287

Vulnerability from cnvd

Tags

Sightings

Nomenclature