var-201710-1389
Vulnerability from variot
An issue was discovered in certain Apple products. Safari before 11 is affected. The issue involves the "WebKit Storage" component. It allows attackers to bypass the Safari Private Browsing protection mechanism, and consequently obtain sensitive information about visited web sites. WebKit is prone to an information-disclosure vulnerability. Successful exploits may allow the attacker to gain access to sensitive information. Information obtained may lead to further attacks. Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2017-09-25-3 Additional information for APPLE-SA-2017-09-19-2 Safari 11
Safari 11 addresses the following:
Safari Available for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6, macOS High Sierra 10.13 Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-7081: Apple Entry added September 25, 2017
WebKit Available for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6, macOS High Sierra 10.13 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7090: Apple Entry added September 25, 2017
WebKit Available for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6, macOS High Sierra 10.13 Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-7109: avlidienbrunn Entry added September 25, 2017
WebKit Available for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6, macOS High Sierra 10.13 Impact: A malicious website may be able to track users in Safari private browsing mode Description: A permissions issue existed in the handling of web browser cookies.
Installation note:
Safari 11 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJZyUQfAAoJEIOj74w0bLRG/OcQAMYUtsjsKZSQngaIfrbsJJws 0FyAha36FHpQgo4EJ7sREcm31esSdE7DHoPG/8sG6WyP+H298kAAt7ZxedyBR17P FmF5L6yr1CcuvVNI3fj8hA278tUF6MMPU3/PQiIrmRvWwjkQ50ZJvP8yAPqKsMhJ +VhBFTgkGlg6Nb7baiT1pr6u/u0+MqsNaLiyWgz1GbTL9gOykKvl+hZMjOTWACzJ eMr0XJSs6n8AcpxL/VDjhHJXucDckJUsW3DrtVC8DGWxCMHXYxQNjADVhuD/tme/ qfEvAdKDXk43Y2YZkpch6qExW6eC2HVKWCb3VVTtYxHiPSklhc1rBSNIXqQxP5vD EVdqFDhx0jMhAH9wjQUaVpwQ2TWzxtdfuPLOr4v9e46e3zunnB8h5uCQt21LfQnH e6KtinCcCjONkrrF1OMRyDX28vHGB69djTb4mCVDEHalq66BIh6o8vJpo7rSHATt BO64xKKzwChaOzmBiWE60d3x6AWCfBwfKWy0iTCfSGlrVs3EWknK1bTQ8dUqdE02 x60GzQwvVhAgR8czyHtdCHK9Fym+SkixusyiHnvWOaJl/D1TE96Ng/XL83L/2TK6 YxO0GEf2KDbewr8uJg9gO5Dv433YY47unyRi1DrTjrjuE07RWs5nBLSXGBzx1Nvc lOJZilco7jGI/wBK51Jf =7GkF -----END PGP SIGNATURE-----
. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2017-0008
Date reported : October 18, 2017 Advisory ID : WSA-2017-0008 Advisory URL : https://webkitgtk.org/security/WSA-2017-0008.html CVE identifiers : CVE-2017-7081, CVE-2017-7087, CVE-2017-7089, CVE-2017-7090, CVE-2017-7091, CVE-2017-7092, CVE-2017-7093, CVE-2017-7094, CVE-2017-7095, CVE-2017-7096, CVE-2017-7098, CVE-2017-7099, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104, CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117, CVE-2017-7120, CVE-2017-7142.
Several vulnerabilities were discovered in WebKitGTK+. Credit to Apple. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed through improved input validation. Credit to Apple. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Anton Lopanitsyn of ONSEC, Frans RosA(c)n of Detectify. Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Description: A logic issue existed in the handling of the parent-tab. This issue was addressed with improved state management. Credit to Apple. Impact: Cookies belonging to one origin may be sent to another origin. Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes. Credit to Wei Yuan of Baidu Security Lab working with Trend Microas Zero Day Initiative. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team, Samuel Gro and Niklas Baumstark working with Trend Micro's Zero Day Initiative. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Samuel Gro and Niklas Baumstark working with Trend Microas Zero Day Initiative. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Tim Michaud (@TimGMichaud) of Leviathan Security Group. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University working with Trend Microas Zero Day Initiative. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Wei Yuan of Baidu Security Lab. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Felipe Freitas of Instituto TecnolA3gico de AeronA!utica. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Apple. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Masato Kinugawa and Mario Heiderich of Cure53. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to likemeng of Baidu Secutity Lab. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to avlidienbrunn. Impact: Processing maliciously crafted web content may lead to a cross site scripting attack. Description: Application Cache policy may be unexpectedly applied. Credit to likemeng of Baidu Security Lab (xlab.baidu.com) working with Trend Micro's Zero Day Initiative. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to lokihardt of Google Project Zero. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to chenqin (ee|) of Ant-financial Light-Year Security Lab. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to an anonymous researcher. Impact: Website data may persist after a Safari Private browsing session. Description: An information leakage issue existed in the handling of website data in Safari Private windows. This issue was addressed with improved data handling.
We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases.
Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html
The WebKitGTK+ team, October 18, 2017
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-1389",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "safari",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.9,
"vendor": "apple",
"version": "10.1.2"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11 (macos high sierra 10.13)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11 (macos sierra 10.12.6)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11 (os x el capitan 10.11.6)"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.8"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.31"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "open source project webkit",
"scope": "eq",
"trust": 0.3,
"vendor": "webkit",
"version": "0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.34"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "safari",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "11"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.8"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.52"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.31"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.28"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.3"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.13"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.33"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.8"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.30"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.10"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
}
],
"sources": [
{
"db": "BID",
"id": "100996"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009291"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-932"
},
{
"db": "NVD",
"id": "CVE-2017-7142"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apple:safari",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009291"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "100996"
}
],
"trust": 0.3
},
"cve": "CVE-2017-7142",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-7142",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-115345",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2017-7142",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-7142",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-7142",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-932",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-115345",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-7142",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115345"
},
{
"db": "VULMON",
"id": "CVE-2017-7142"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009291"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-932"
},
{
"db": "NVD",
"id": "CVE-2017-7142"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in certain Apple products. Safari before 11 is affected. The issue involves the \"WebKit Storage\" component. It allows attackers to bypass the Safari Private Browsing protection mechanism, and consequently obtain sensitive information about visited web sites. WebKit is prone to an information-disclosure vulnerability. \nSuccessful exploits may allow the attacker to gain access to sensitive information. Information obtained may lead to further attacks. Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-09-25-3\nAdditional information for APPLE-SA-2017-09-19-2 Safari 11\n\nSafari 11 addresses the following:\n\nSafari\nAvailable for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6,\nmacOS High Sierra 10.13\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2017-7081: Apple\nEntry added September 25, 2017\n\nWebKit\nAvailable for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6,\nmacOS High Sierra 10.13\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2017-7090: Apple\nEntry added September 25, 2017\n\nWebKit\nAvailable for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6,\nmacOS High Sierra 10.13\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2017-7109: avlidienbrunn\nEntry added September 25, 2017\n\nWebKit\nAvailable for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6,\nmacOS High Sierra 10.13\nImpact: A malicious website may be able to track users in\nSafari private browsing mode\nDescription: A permissions issue existed in the handling of web\nbrowser cookies. \n\nInstallation note:\n\nSafari 11 may be obtained from the Mac App Store. \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJZyUQfAAoJEIOj74w0bLRG/OcQAMYUtsjsKZSQngaIfrbsJJws\n0FyAha36FHpQgo4EJ7sREcm31esSdE7DHoPG/8sG6WyP+H298kAAt7ZxedyBR17P\nFmF5L6yr1CcuvVNI3fj8hA278tUF6MMPU3/PQiIrmRvWwjkQ50ZJvP8yAPqKsMhJ\n+VhBFTgkGlg6Nb7baiT1pr6u/u0+MqsNaLiyWgz1GbTL9gOykKvl+hZMjOTWACzJ\neMr0XJSs6n8AcpxL/VDjhHJXucDckJUsW3DrtVC8DGWxCMHXYxQNjADVhuD/tme/\nqfEvAdKDXk43Y2YZkpch6qExW6eC2HVKWCb3VVTtYxHiPSklhc1rBSNIXqQxP5vD\nEVdqFDhx0jMhAH9wjQUaVpwQ2TWzxtdfuPLOr4v9e46e3zunnB8h5uCQt21LfQnH\ne6KtinCcCjONkrrF1OMRyDX28vHGB69djTb4mCVDEHalq66BIh6o8vJpo7rSHATt\nBO64xKKzwChaOzmBiWE60d3x6AWCfBwfKWy0iTCfSGlrVs3EWknK1bTQ8dUqdE02\nx60GzQwvVhAgR8czyHtdCHK9Fym+SkixusyiHnvWOaJl/D1TE96Ng/XL83L/2TK6\nYxO0GEf2KDbewr8uJg9gO5Dv433YY47unyRi1DrTjrjuE07RWs5nBLSXGBzx1Nvc\nlOJZilco7jGI/wBK51Jf\n=7GkF\n-----END PGP SIGNATURE-----\n\n\n\n. ------------------------------------------------------------------------\nWebKitGTK+ Security Advisory WSA-2017-0008\n------------------------------------------------------------------------\n\nDate reported : October 18, 2017\nAdvisory ID : WSA-2017-0008\nAdvisory URL : https://webkitgtk.org/security/WSA-2017-0008.html\nCVE identifiers : CVE-2017-7081, CVE-2017-7087, CVE-2017-7089,\n CVE-2017-7090, CVE-2017-7091, CVE-2017-7092,\n CVE-2017-7093, CVE-2017-7094, CVE-2017-7095,\n CVE-2017-7096, CVE-2017-7098, CVE-2017-7099,\n CVE-2017-7100, CVE-2017-7102, CVE-2017-7104,\n CVE-2017-7107, CVE-2017-7109, CVE-2017-7111,\n CVE-2017-7117, CVE-2017-7120, CVE-2017-7142. \n\nSeveral vulnerabilities were discovered in WebKitGTK+. \n Credit to Apple. \n Impact: Processing maliciously crafted web content may lead to\n arbitrary code execution. Description: A memory corruption issue was\n addressed through improved input validation. \n Credit to Apple. \n Impact: Processing maliciously crafted web content may lead to\n arbitrary code execution. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Anton Lopanitsyn of ONSEC, Frans RosA(c)n of Detectify. \n Impact: Processing maliciously crafted web content may lead to\n universal cross site scripting. Description: A logic issue existed\n in the handling of the parent-tab. This issue was addressed with\n improved state management. \n Credit to Apple. \n Impact: Cookies belonging to one origin may be sent to another\n origin. Description: A permissions issue existed in the handling of\n web browser cookies. This issue was addressed by no longer returning\n cookies for custom URL schemes. \n Credit to Wei Yuan of Baidu Security Lab working with Trend Microas\n Zero Day Initiative. \n Impact: Processing maliciously crafted web content may lead to\n arbitrary code execution. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team, Samuel\n Gro and Niklas Baumstark working with Trend Micro\u0027s Zero Day\n Initiative. \n Impact: Processing maliciously crafted web content may lead to\n arbitrary code execution. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Samuel Gro and Niklas Baumstark working with Trend Microas\n Zero Day Initiative. \n Impact: Processing maliciously crafted web content may lead to\n arbitrary code execution. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Tim Michaud (@TimGMichaud) of Leviathan Security Group. \n Impact: Processing maliciously crafted web content may lead to\n arbitrary code execution. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang\n Technological University working with Trend Microas Zero Day\n Initiative. \n Impact: Processing maliciously crafted web content may lead to\n arbitrary code execution. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Wei Yuan of Baidu Security Lab. \n Impact: Processing maliciously crafted web content may lead to\n arbitrary code execution. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Felipe Freitas of Instituto TecnolA3gico de AeronA!utica. \n Impact: Processing maliciously crafted web content may lead to\n arbitrary code execution. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Apple. \n Impact: Processing maliciously crafted web content may lead to\n arbitrary code execution. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Masato Kinugawa and Mario Heiderich of Cure53. \n Impact: Processing maliciously crafted web content may lead to\n arbitrary code execution. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang\n Technological University. \n Impact: Processing maliciously crafted web content may lead to\n arbitrary code execution. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to likemeng of Baidu Secutity Lab. \n Impact: Processing maliciously crafted web content may lead to\n arbitrary code execution. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang\n Technological University. \n Impact: Processing maliciously crafted web content may lead to\n arbitrary code execution. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to avlidienbrunn. \n Impact: Processing maliciously crafted web content may lead to a\n cross site scripting attack. Description: Application Cache policy\n may be unexpectedly applied. \n Credit to likemeng of Baidu Security Lab (xlab.baidu.com) working\n with Trend Micro\u0027s Zero Day Initiative. \n Impact: Processing maliciously crafted web content may lead to\n arbitrary code execution. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to lokihardt of Google Project Zero. \n Impact: Processing maliciously crafted web content may lead to\n arbitrary code execution. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to chenqin (ee|) of Ant-financial Light-Year Security Lab. \n Impact: Processing maliciously crafted web content may lead to\n arbitrary code execution. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to an anonymous researcher. \n Impact: Website data may persist after a Safari Private browsing\n session. Description: An information leakage issue existed in the\n handling of website data in Safari Private windows. This issue was\n addressed with improved data handling. \n\n\nWe recommend updating to the last stable version of WebKitGTK+. It is\nthe best way of ensuring that you are running a safe version of\nWebKitGTK+. Please check our website for information about the last\nstable releases. \n\nFurther information about WebKitGTK+ Security Advisories can be found\nat: https://webkitgtk.org/security.html\n\nThe WebKitGTK+ team,\nOctober 18, 2017\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7142"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009291"
},
{
"db": "BID",
"id": "100996"
},
{
"db": "VULHUB",
"id": "VHN-115345"
},
{
"db": "VULMON",
"id": "CVE-2017-7142"
},
{
"db": "PACKETSTORM",
"id": "144368"
},
{
"db": "PACKETSTORM",
"id": "144667"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7142",
"trust": 3.1
},
{
"db": "BID",
"id": "100996",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1039384",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU99806334",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009291",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-932",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-115345",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-7142",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144368",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144667",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115345"
},
{
"db": "VULMON",
"id": "CVE-2017-7142"
},
{
"db": "BID",
"id": "100996"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009291"
},
{
"db": "PACKETSTORM",
"id": "144368"
},
{
"db": "PACKETSTORM",
"id": "144667"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-932"
},
{
"db": "NVD",
"id": "CVE-2017-7142"
}
]
},
"id": "VAR-201710-1389",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-115345"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:59:31.635000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT201222"
},
{
"title": "HT208116",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT208116"
},
{
"title": "HT208116",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT208116"
},
{
"title": "Apple: Safari 11",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=d13ff379ea1fc93e7db3bd568b4c4270"
},
{
"title": "Apple: iOS 11",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=041cce4eee20b18dc79e9460a53e8400"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-7142"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009291"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115345"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009291"
},
{
"db": "NVD",
"id": "CVE-2017-7142"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://support.apple.com/ht208116"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/100996"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1039384"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7142"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7142"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99806334/index.html"
},
{
"trust": 0.3,
"url": "https://www.apple.com/"
},
{
"trust": 0.3,
"url": "http://www.webkit.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7104"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7091"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7120"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7094"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7093"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7111"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7107"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7089"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7090"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7087"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7109"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7092"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7098"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7081"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7096"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7100"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7102"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7117"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7095"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7099"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/vulnerabilities/oracle-solaris-cve-2017-7142"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht208116"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7144"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7085"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7106"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2017-0008.html"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115345"
},
{
"db": "VULMON",
"id": "CVE-2017-7142"
},
{
"db": "BID",
"id": "100996"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009291"
},
{
"db": "PACKETSTORM",
"id": "144368"
},
{
"db": "PACKETSTORM",
"id": "144667"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-932"
},
{
"db": "NVD",
"id": "CVE-2017-7142"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-115345"
},
{
"db": "VULMON",
"id": "CVE-2017-7142"
},
{
"db": "BID",
"id": "100996"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009291"
},
{
"db": "PACKETSTORM",
"id": "144368"
},
{
"db": "PACKETSTORM",
"id": "144667"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-932"
},
{
"db": "NVD",
"id": "CVE-2017-7142"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-23T00:00:00",
"db": "VULHUB",
"id": "VHN-115345"
},
{
"date": "2017-10-23T00:00:00",
"db": "VULMON",
"id": "CVE-2017-7142"
},
{
"date": "2017-09-25T00:00:00",
"db": "BID",
"id": "100996"
},
{
"date": "2017-11-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009291"
},
{
"date": "2017-09-28T00:17:26",
"db": "PACKETSTORM",
"id": "144368"
},
{
"date": "2017-10-18T23:02:22",
"db": "PACKETSTORM",
"id": "144667"
},
{
"date": "2017-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-932"
},
{
"date": "2017-10-23T01:29:13.923000",
"db": "NVD",
"id": "CVE-2017-7142"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-26T00:00:00",
"db": "VULHUB",
"id": "VHN-115345"
},
{
"date": "2017-10-26T00:00:00",
"db": "VULMON",
"id": "CVE-2017-7142"
},
{
"date": "2017-09-25T00:00:00",
"db": "BID",
"id": "100996"
},
{
"date": "2017-11-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009291"
},
{
"date": "2017-10-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-932"
},
{
"date": "2024-11-21T03:31:15.500000",
"db": "NVD",
"id": "CVE-2017-7142"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-932"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Safari of WebKit Vulnerabilities that bypass the private browsing protection mechanism in storage components",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009291"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-932"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.