Lucene search

AppleCVE-2016-4592

HistoryJul 22, 2016 - 2:59 a.m.

CVE-2016-4592

2016-07-2202:59:15

CWE-400

apple

web.nvd.nist.gov

cve-2016-4592

webkit

apple

ios

safari

tvos

denial of service

memory consumption

nvd

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.6

Confidence

High

EPSS

0.01

Percentile

83.9%

JSON

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted web site.

Affected configurations

Nvd

Node

applewebkitMatch-

AND

applesafariRange<9.1.2

appleiphone_osRange<9.3.3

appletvosRange<9.2.2

Node

webkitgtkwebkitgtk\+Range<2.10.5

VendorProductVersionCPE
applewebkit-cpe:2.3:a:apple:webkit:-:*:*:*:*:*:*:*
applesafari*cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
appletvos*cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
webkitgtkwebkitgtk\+*cpe:2.3:a:webkitgtk:webkitgtk\+:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	webkit	-	cpe:2.3:a:apple:webkit:-:::::::*
apple	safari	*	cpe:2.3:a:apple:safari::::::::
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::
apple	tvos	*	cpe:2.3:o:apple:tvos::::::::
webkitgtk	webkitgtk\+	*	cpe:2.3:a:webkitgtk:webkitgtk\+::::::::

References

lists.apple.com/archives/security-announce/2016/Jul/msg00001.html

lists.apple.com/archives/security-announce/2016/Jul/msg00003.html

lists.apple.com/archives/security-announce/2016/Jul/msg00004.html

packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html

www.securityfocus.com/archive/1/539295/100/0/threaded

www.securityfocus.com/bid/91830

www.securitytracker.com/id/1036343

support.apple.com/HT206900

support.apple.com/HT206902

support.apple.com/HT206905

Social References

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.6

Confidence

High

EPSS

0.01

Percentile

83.9%

JSON

Related for CVE-2016-4592