Vulnerability Name: CVE-2016-1864 (CCN-114470)
Assigned: 2016-06-15
Published: 2016-06-15
Updated: 2017-09-01
Summary: The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.
CVSS v3 Severity: 4.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
  Temporal: 3.8 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
  CCN Temporal: 3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Vulnerability Type: CWE-200
Vulnerability Consequences: Obtain Information
References:
- MITRE (CNA): CVE-2016-1864
- APPLE (Vendor Advisory): APPLE-SA-2016-03-21-1
- APPLE (Vendor Advisory): APPLE-SA-2016-03-21-6
- BID: 91358
- CCN: BID-91358 WebKit CVE-2016-1864 Information Disclosure Vulnerability
- SECTRACK: 1036344
- XF: appleios-cve20161864-info-disc(114470)
- CCN (Apple Web site): About the security content of iOS 9.3
- CCN (Apple Web site): About the security content of Safari 9.1
- CONFIRM (Vendor Advisory): https://support.apple.com/HT206166
- CONFIRM (Vendor Advisory): https://support.apple.com/HT206171
- CCN: ZDI-16-436 Apple OS X IOPMrootDomain Memory Corruption Privilege Escalation Vulnerability
Vulnerable Configuration: Configuration 1; Configuration 2; Configuration CCN 1