Lucene search

AppleCVE-2016-1727

HistoryFeb 01, 2016 - 11:59 a.m.

CVE-2016-1727

2016-02-0111:59:12

CWE-119

apple

web.nvd.nist.gov

cve-2016-1727

webkit

apple ios

safari

tvos

vulnerability

remote code execution

memory corruption

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.005

Percentile

77.6%

JSON

WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1724.

Affected configurations

Nvd

Node

applesafariRange<9.0.3

appleiphone_osRange<9.2.1

appletvosRange<9.1.1

applewatchosRange<2.2

Node

webkitgtkwebkitgtk\+Range<2.10.5

VendorProductVersionCPE
applesafari*cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
appletvos*cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
applewatchos*cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
webkitgtkwebkitgtk\+*cpe:2.3:a:webkitgtk:webkitgtk\+:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	safari	*	cpe:2.3:a:apple:safari::::::::
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::
apple	tvos	*	cpe:2.3:o:apple:tvos::::::::
apple	watchos	*	cpe:2.3:o:apple:watchos::::::::
webkitgtk	webkitgtk\+	*	cpe:2.3:a:webkitgtk:webkitgtk\+::::::::

References

lists.apple.com/archives/security-announce/2016/Jan/msg00002.html

lists.apple.com/archives/security-announce/2016/Jan/msg00004.html

lists.apple.com/archives/security-announce/2016/Jan/msg00005.html

lists.apple.com/archives/security-announce/2016/Mar/msg00001.html

packetstormsecurity.com/files/136227/WebKitGTK-Memory-Corruption-Denial-Of-Service.html

www.securityfocus.com/archive/1/537771/100/0/threaded

www.securityfocus.com/bid/81263

www.securitytracker.com/id/1034737

security.gentoo.org/glsa/201706-15

support.apple.com/HT205729

support.apple.com/HT205730

support.apple.com/HT205732

support.apple.com/HT206168

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.005

Percentile

77.6%

JSON

Related for CVE-2016-1727