Vulnerability CVE-2016-4585

Vulnerability Name:

CVE-2016-4585 (CCN-115692)

Assigned:

2016-07-21

Published:

2016-07-21

Updated:

2019-03-18

Summary:

Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari.

CVSS v3 Severity:

6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

6.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-79

Vulnerability Consequences:

Cross-Site Scripting

References:

Source: MITRE
Type: CNA
CVE-2016-4585

Source: APPLE
Type: Mailing List, Vendor Advisory
APPLE-SA-2016-07-18-2

Source: APPLE
Type: Mailing List, Vendor Advisory
APPLE-SA-2016-07-18-4

Source: APPLE
Type: Mailing List, Vendor Advisory
APPLE-SA-2016-07-18-5

Source: MISC
Type: Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20160825 WebKitGTK+ Security Advisory WSA-2016-0005

Source: BID
Type: Third Party Advisory, VDB Entry
91830

Source: CCN
Type: BID-91830
Apple iOS/tvOS/Safari Multiple Security Vulnerabilities

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1036343

Source: XF
Type: UNKNOWN
apple-safari-cve20164585-xss(115692)

Source: CCN
Type: Apple Web site
About the security content of Safari 9.1.2

Source: CONFIRM
Type: Vendor Advisory
https://support.apple.com/HT206900

Source: CONFIRM
Type: Vendor Advisory
https://support.apple.com/HT206902

Source: CONFIRM
Type: Vendor Advisory
https://support.apple.com/HT206905

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-4585

Vulnerable Configuration:

Configuration 1:

cpe:/a:apple:webkit:*:*:*:*:*:*:*:*

AND

cpe:/a:apple:safari:*:*:*:*:*:*:*:* (Version < 9.1.2)

OR cpe:/o:apple:iphone_os:*:*:*:*:*:*:*:* (Version < 9.3.3)

OR cpe:/o:apple:tvos:*:*:*:*:*:*:*:* (Version < 9.2.2)

Configuration CCN 1:

cpe:/a:apple:safari:9.1.1:*:*:*:*:*:*:*

OR cpe:/o:apple:ios:9.3.2:*:*:*:*:*:*:*

OR cpe:/o:apple:tvos:9.2.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.ubuntu.xenial:def:201645850000000	V	CVE-2016-4585 on Ubuntu 16.04 LTS (xenial) - medium.	2016-07-22
oval:com.ubuntu.precise:def:20164585000	V	CVE-2016-4585 on Ubuntu 12.04 LTS (precise) - medium.	2016-07-21
oval:com.ubuntu.trusty:def:20164585000	V	CVE-2016-4585 on Ubuntu 14.04 LTS (trusty) - medium.	2016-07-21
oval:com.ubuntu.xenial:def:20164585000	V	CVE-2016-4585 on Ubuntu 16.04 LTS (xenial) - medium.	2016-07-21

BACK