var-201603-0208
Vulnerability from variot
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted web site. Apple iOS and Safari Used in etc. WebKit is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, conduct phishing attacks, and perform unauthorized actions; this may aid in launching further attacks. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. There is a security vulnerability in the Page Loading implementation of WebKit in versions prior to Apple iOS 9.3 and Safari versions prior to 9.1. The vulnerability stems from the fact that the program does not correctly handle HTTP responses with 3xx status codes. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2016-0003
Date reported : March 31, 2016 Advisory ID : WSA-2016-0003 Advisory URL : http://webkitgtk.org/security/WSA-2016-0003.html CVE identifiers : CVE-2016-1778, CVE-2016-1779, CVE-2016-1781, CVE-2016-1782, CVE-2016-1783, CVE-2016-1785, CVE-2016-1786.
Several vulnerabilities were discovered in WebKitGTK+.
CVE-2016-1778 Versions affected: WebKitGTK+ before 2.10.5. Credit to 0x1byte working with Trend Micro's Zero Day Initiative (ZDI).
CVE-2016-1779 Versions affected: WebKitGTK+ before 2.10.5. Credit to xisigr of Tencent's Xuanwu Lab (http://www.tencent.com).
CVE-2016-1781 Versions affected: WebKitGTK+ before 2.10.5. Credit to Devdatta Akhawe of Dropbox, Inc. WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors.
CVE-2016-1782 Versions affected: WebKitGTK+ before 2.10.5. Credit to Muneaki Nishimura (nishimunea) of Recruit Technologies Co.,Ltd.
CVE-2016-1783 Versions affected: WebKitGTK+ before 2.10.5. Credit to Mihai Parparita of Google.
CVE-2016-1785 Versions affected: WebKitGTK+ before 2.10.5. Credit to an anonymous researcher.
CVE-2016-1786 Versions affected: WebKitGTK+ before 2.10.5. Credit to ma.la of LINE Corporation.
We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases.
Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html
The WebKitGTK+ team, March 31, 2016
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-03-21-6 Safari 9.1
Safari 9.1 is now available and addresses the following:
libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1762
Safari Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Visiting a malicious website may lead to user interface spoofing Description: An issue existed where the text of a dialog included page-supplied text. This issue was addressed by no longer including that text. CVE-ID CVE-2009-2197 : Alexios Fakos of n.runs AG
Safari Downloads Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Visiting a maliciously crafted webpage may lead to a system denial of service Description: An insufficient input validation issue existed in the handling of certain files. This was addressed through additional checks during file expansion. CVE-ID CVE-2016-1771 : Russ Cox
Safari Top Sites Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: A website may be able to track sensitive user information Description: A cookie storage issue existed in the Top Sites page. This issue was addressed through improved state management. CVE-ID CVE-2016-1772 : WoofWagly
WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: A website may be able to track sensitive user information Description: An issue existed in the handling of attachment URLs. This issue was addressed through improved URL handling.
WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1778 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1783 : Mihai Parparita of Google
WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A port redirection issue was addressed through additional port validation.
WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Visiting a maliciously crafted website may reveal a user's current location Description: An issue existed in the parsing of geolocation requests. This was addressed through improved validation of the security origin for geolocation requests. CVE-ID CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab (http://www.tencent.com)
WebKit History Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A resource exhaustion issue was addressed through improved input validation. CVE-ID CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of 无声信息技术PKAV Team (PKAV.net)
WebKit Page Loading Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: A malicious website may exfiltrate data cross-origin Description: A caching issue existed with character encoding. This was addressed through additional request checking. CVE-ID CVE-2016-1785 : an anonymous researcher
WebKit Page Loading Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Visiting a malicious website may lead to user interface spoofing Description: Redirect responses may have allowed a malicious website to display an arbitrary URL and read cached contents of the destination origin. This issue was addressed through improved URL display logic. CVE-ID CVE-2016-1786 : ma.la of LINE Corporation
Installation note:
Safari 9.1 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JQMAAoJEBcWfLTuOo7tUYsP/0cwzYXXuSvBOUhCzUd3z//b ZW1j9v2rbLLJB7wRNFhXsdz25MV/5pwX67Bb+rO9X21F/hItY61nHbTSayd+ud2v HTDnPRAWtlEd2Xd9EarGttIRAhUEQyDts3e2KpOcw2XG+zZF38DKrLprvLJrTU8u r8n8KnHP5ipOhPCubihsLQdf8jbCDnwKm2Lt0w7QAYYNOtIAzMKFtfjnsDzfJMm2 pN+laUBUDEeyv3ozmnyqmF6qSG8s43Mb+a+XeNYWEfr3VrwL6+k2YhwgFzl6jq1Z 5nMU2ziMP8OtfuVh7ldmR/+5zjkJzFCc8bbumu4Ipyhv1KOKESIxb/JNy+jCuL+D uD2g2DUhqntt74SKSzYETJTZt0EKXjhQmPoeDa4Q6++Nq9Aw/OxpLZwoi+vUzEfn cn/JGPsvwpjJjfdVFsCbaYVoCLivNy1uIwuKWpqQDjToGIMQGQ07KPepM9h5PPQ9 k1PkpH8HRynOkV5gbrGYvLyMgqJIB8KPeIQaSKARtUbCmn2zS99czD5fRojShmv+ BIZI5TowBRU9Cg4uwe0uRaSz/WiSI8OV8AcKqf0+59xYv6OfLLMIMAKYGIW+ZAdu LvtU5uvVpMekW8pAPz95BlgK/6ullpLGQA6hU6TLDj78KuvdGLBKTdlKf42kV48g ZD4qUKE2vo66y07AMC93 =8yOc -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0208",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "safari",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "9.0.3"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.3 (ipad 2 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.3 (iphone 4s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.3 (ipod touch first 5 after generation )"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.1 (os x el capitan v10.11.4)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.1 (os x mavericks v10.9.5)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.1 (os x yosemite v10.10.5)"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "9.0.3"
},
{
"model": "open source project webkit",
"scope": "eq",
"trust": 0.3,
"vendor": "webkit",
"version": "0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
}
],
"sources": [
{
"db": "BID",
"id": "85069"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001867"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-323"
},
{
"db": "NVD",
"id": "CVE-2016-1786"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:safari",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001867"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "0x1byte working with Trend Micro\u0027s Zero Day, xisigr of Tencent\u0027s Xuanwu Lab, Devdatta Akhawe of Dropbox, Muneaki Nishimura (nishimunea) of Recruit\nTechnologies Co., an anonymous researcher, and ma.la of LINE Corporation.",
"sources": [
{
"db": "BID",
"id": "85069"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1786",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-1786",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-90605",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2016-1786",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1786",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-1786",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-323",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-90605",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90605"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001867"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-323"
},
{
"db": "NVD",
"id": "CVE-2016-1786"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted web site. Apple iOS and Safari Used in etc. WebKit is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, conduct phishing attacks, and perform unauthorized actions; this may aid in launching further attacks. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. There is a security vulnerability in the Page Loading implementation of WebKit in versions prior to Apple iOS 9.3 and Safari versions prior to 9.1. The vulnerability stems from the fact that the program does not correctly handle HTTP responses with 3xx status codes. ------------------------------------------------------------------------\nWebKitGTK+ Security Advisory WSA-2016-0003\n------------------------------------------------------------------------\n\nDate reported : March 31, 2016\nAdvisory ID : WSA-2016-0003\nAdvisory URL : http://webkitgtk.org/security/WSA-2016-0003.html\nCVE identifiers : CVE-2016-1778, CVE-2016-1779, CVE-2016-1781,\n CVE-2016-1782, CVE-2016-1783, CVE-2016-1785,\n CVE-2016-1786. \n\nSeveral vulnerabilities were discovered in WebKitGTK+. \n\nCVE-2016-1778\n Versions affected: WebKitGTK+ before 2.10.5. \n Credit to 0x1byte working with Trend Micro\u0027s Zero Day Initiative\n (ZDI). \n\nCVE-2016-1779\n Versions affected: WebKitGTK+ before 2.10.5. \n Credit to xisigr of Tencent\u0027s Xuanwu Lab (http://www.tencent.com). \n\nCVE-2016-1781\n Versions affected: WebKitGTK+ before 2.10.5. \n Credit to Devdatta Akhawe of Dropbox, Inc. \n WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles\n attachment URLs, which makes it easier for remote web servers to\n track users via unspecified vectors. \n\nCVE-2016-1782\n Versions affected: WebKitGTK+ before 2.10.5. \n Credit to Muneaki Nishimura (nishimunea) of Recruit Technologies\n Co.,Ltd. \n\nCVE-2016-1783\n Versions affected: WebKitGTK+ before 2.10.5. \n Credit to Mihai Parparita of Google. \n\nCVE-2016-1785\n Versions affected: WebKitGTK+ before 2.10.5. \n Credit to an anonymous researcher. \n\nCVE-2016-1786\n Versions affected: WebKitGTK+ before 2.10.5. \n Credit to ma.la of LINE Corporation. \n\n\nWe recommend updating to the last stable version of WebKitGTK+. It is\nthe best way of ensuring that you are running a safe version of\nWebKitGTK+. Please check our website for information about the last\nstable releases. \n\nFurther information about WebKitGTK+ Security Advisories can be found\nat: http://webkitgtk.org/security.html\n\nThe WebKitGTK+ team,\nMarch 31, 2016\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-03-21-6 Safari 9.1\n\nSafari 9.1 is now available and addresses the following:\n\nlibxml2\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1762\n\nSafari\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: An issue existed where the text of a dialog included\npage-supplied text. This issue was addressed by no longer including\nthat text. \nCVE-ID\nCVE-2009-2197 : Alexios Fakos of n.runs AG\n\nSafari Downloads\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: Visiting a maliciously crafted webpage may lead to a system\ndenial of service\nDescription: An insufficient input validation issue existed in the\nhandling of certain files. This was addressed through additional\nchecks during file expansion. \nCVE-ID\nCVE-2016-1771 : Russ Cox\n\nSafari Top Sites\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: A website may be able to track sensitive user information\nDescription: A cookie storage issue existed in the Top Sites page. \nThis issue was addressed through improved state management. \nCVE-ID\nCVE-2016-1772 : WoofWagly\n\nWebKit\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: A website may be able to track sensitive user information\nDescription: An issue existed in the handling of attachment URLs. \nThis issue was addressed through improved URL handling. \n\nWebKit\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1778 : 0x1byte working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\nCVE-2016-1783 : Mihai Parparita of Google\n\nWebKit\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: A malicious website may be able to access restricted ports\non arbitrary servers\nDescription: A port redirection issue was addressed through\nadditional port validation. \n\nWebKit\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: Visiting a maliciously crafted website may reveal a user\u0027s\ncurrent location\nDescription: An issue existed in the parsing of geolocation\nrequests. This was addressed through improved validation of the\nsecurity origin for geolocation requests. \nCVE-ID\nCVE-2016-1779 : xisigr of Tencent\u0027s Xuanwu Lab\n(http://www.tencent.com)\n\nWebKit History\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: Processing maliciously crafted web content may lead to an\nunexpected Safari crash\nDescription: A resource exhaustion issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and \u674e\u666e\u541b of\n\u65e0\u58f0\u4fe1\u606f\u6280\u672fPKAV Team (PKAV.net)\n\nWebKit Page Loading\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: A malicious website may exfiltrate data cross-origin\nDescription: A caching issue existed with character encoding. This\nwas addressed through additional request checking. \nCVE-ID\nCVE-2016-1785 : an anonymous researcher\n\nWebKit Page Loading\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: Redirect responses may have allowed a malicious website\nto display an arbitrary URL and read cached contents of the\ndestination origin. This issue was addressed through improved URL\ndisplay logic. \nCVE-ID\nCVE-2016-1786 : ma.la of LINE Corporation\n\nInstallation note:\n\nSafari 9.1 may be obtained from the Mac App Store. \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJW8JQMAAoJEBcWfLTuOo7tUYsP/0cwzYXXuSvBOUhCzUd3z//b\nZW1j9v2rbLLJB7wRNFhXsdz25MV/5pwX67Bb+rO9X21F/hItY61nHbTSayd+ud2v\nHTDnPRAWtlEd2Xd9EarGttIRAhUEQyDts3e2KpOcw2XG+zZF38DKrLprvLJrTU8u\nr8n8KnHP5ipOhPCubihsLQdf8jbCDnwKm2Lt0w7QAYYNOtIAzMKFtfjnsDzfJMm2\npN+laUBUDEeyv3ozmnyqmF6qSG8s43Mb+a+XeNYWEfr3VrwL6+k2YhwgFzl6jq1Z\n5nMU2ziMP8OtfuVh7ldmR/+5zjkJzFCc8bbumu4Ipyhv1KOKESIxb/JNy+jCuL+D\nuD2g2DUhqntt74SKSzYETJTZt0EKXjhQmPoeDa4Q6++Nq9Aw/OxpLZwoi+vUzEfn\ncn/JGPsvwpjJjfdVFsCbaYVoCLivNy1uIwuKWpqQDjToGIMQGQ07KPepM9h5PPQ9\nk1PkpH8HRynOkV5gbrGYvLyMgqJIB8KPeIQaSKARtUbCmn2zS99czD5fRojShmv+\nBIZI5TowBRU9Cg4uwe0uRaSz/WiSI8OV8AcKqf0+59xYv6OfLLMIMAKYGIW+ZAdu\nLvtU5uvVpMekW8pAPz95BlgK/6ullpLGQA6hU6TLDj78KuvdGLBKTdlKf42kV48g\nZD4qUKE2vo66y07AMC93\n=8yOc\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1786"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001867"
},
{
"db": "BID",
"id": "85069"
},
{
"db": "VULHUB",
"id": "VHN-90605"
},
{
"db": "PACKETSTORM",
"id": "136535"
},
{
"db": "PACKETSTORM",
"id": "136347"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1786",
"trust": 3.0
},
{
"db": "SECTRACK",
"id": "1035353",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU97668313",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001867",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201603-323",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "69624",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "69614",
"trust": 0.6
},
{
"db": "BID",
"id": "85069",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-90605",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136535",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136347",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90605"
},
{
"db": "BID",
"id": "85069"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001867"
},
{
"db": "PACKETSTORM",
"id": "136535"
},
{
"db": "PACKETSTORM",
"id": "136347"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-323"
},
{
"db": "NVD",
"id": "CVE-2016-1786"
}
]
},
"id": "VAR-201603-0208",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90605"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:59:17.924000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT201222"
},
{
"title": "APPLE-SA-2016-03-21-1 iOS 9.3",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
},
{
"title": "APPLE-SA-2016-03-21-6 Safari 9.1",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html"
},
{
"title": "HT206171",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT206171"
},
{
"title": "HT206166",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT206166"
},
{
"title": "HT206166",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT206166"
},
{
"title": "HT206171",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT206171"
},
{
"title": "Apple iOS and Safari WebKit Page Loading Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60649"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001867"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-323"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90605"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001867"
},
{
"db": "NVD",
"id": "CVE-2016-1786"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00000.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00005.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht206166"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht206171"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/537948/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1035353"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1786"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97668313/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1786"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/69614"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/69624"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ios/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/safari/download/"
},
{
"trust": 0.3,
"url": "http://www.webkit.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1781"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1782"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1783"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1779"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1786"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1778"
},
{
"trust": 0.1,
"url": "http://webkitgtk.org/security.html"
},
{
"trust": 0.1,
"url": "http://webkitgtk.org/security/wsa-2016-0003.html"
},
{
"trust": 0.1,
"url": "http://www.tencent.com)."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1784"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1772"
},
{
"trust": 0.1,
"url": "https://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "http://www.tencent.com)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2197"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90605"
},
{
"db": "BID",
"id": "85069"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001867"
},
{
"db": "PACKETSTORM",
"id": "136535"
},
{
"db": "PACKETSTORM",
"id": "136347"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-323"
},
{
"db": "NVD",
"id": "CVE-2016-1786"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90605"
},
{
"db": "BID",
"id": "85069"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001867"
},
{
"db": "PACKETSTORM",
"id": "136535"
},
{
"db": "PACKETSTORM",
"id": "136347"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-323"
},
{
"db": "NVD",
"id": "CVE-2016-1786"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-24T00:00:00",
"db": "VULHUB",
"id": "VHN-90605"
},
{
"date": "2016-03-21T00:00:00",
"db": "BID",
"id": "85069"
},
{
"date": "2016-03-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001867"
},
{
"date": "2016-04-01T13:33:33",
"db": "PACKETSTORM",
"id": "136535"
},
{
"date": "2016-03-22T15:20:32",
"db": "PACKETSTORM",
"id": "136347"
},
{
"date": "2016-03-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-323"
},
{
"date": "2016-03-24T01:59:53.330000",
"db": "NVD",
"id": "CVE-2016-1786"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-90605"
},
{
"date": "2016-07-05T22:02:00",
"db": "BID",
"id": "85069"
},
{
"date": "2016-06-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001867"
},
{
"date": "2016-03-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-323"
},
{
"date": "2024-11-21T02:47:05.030000",
"db": "NVD",
"id": "CVE-2016-1786"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-323"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple iOS and Safari Used in etc. WebKit Vulnerabilities that bypass the same origin policy in a page load implementation",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001867"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-323"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.