Lucene search

AppleCVE-2016-1772

HistoryMar 24, 2016 - 1:59 a.m.

CVE-2016-1772

2016-03-2401:59:40

CWE-200

apple

web.nvd.nist.gov

cve-2016-1772

apple safari

top sites

vulnerability

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

Low

EPSS

0.002

Percentile

52.5%

JSON

The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors.

Affected configurations

Nvd

Node

applesafariRange≤9.0.3

VendorProductVersionCPE
applesafari*cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	safari	*	cpe:2.3:a:apple:safari::::::::

References

lists.apple.com/archives/security-announce/2016/Mar/msg00005.html

www.securityfocus.com/bid/85055

www.securitytracker.com/id/1035354

support.apple.com/HT206171

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

Low

EPSS

0.002

Percentile

52.5%

JSON

Related for CVE-2016-1772