CVE-2016-1864

The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.

CVSS v3 4.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html	Vendor Advisory
http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html	Vendor Advisory
http://www.securityfocus.com/bid/91358
http://www.securitytracker.com/id/1036344
https://support.apple.com/HT206166	Vendor Advisory
https://support.apple.com/HT206171	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-06-19 20:59

Updated : 2024-02-28 15:21

NVD link : CVE-2016-1864

Mitre link : CVE-2016-1864

CVE.ORG link : CVE-2016-1864

JSON object : View

Products Affected

apple

safari
iphone_os

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2016-1864", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2016-06-19T20:59:11.380", "references": [{"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://www.securityfocus.com/bid/91358", "source": "product-security@apple.com"}, {"url": "http://www.securitytracker.com/id/1036344", "source": "product-security@apple.com"}, {"url": "https://support.apple.com/HT206166", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/HT206171", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL."}, {"lang": "es", "value": "El auditor XSS en WebKit, tal como se utiliza en Apple iOS en versiones anteriores a 9.3 y Safari en versiones anteriores a 9.1, no maneja correctamente redirecciones en modo bloque, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una URL manipulada."}], "lastModified": "2017-09-01T01:29:05.070", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F39FC2FB-375B-4129-A37F-BC749F8A9648", "versionEndIncluding": "9.0.3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "080450EA-85C1-454D-98F9-5286D69CF237", "versionEndIncluding": "9.2.1"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}