Lucene search

AppleCVE-2018-4117

HistoryApr 03, 2018 - 6:29 a.m.

CVE-2018-4117

2018-04-0306:29:04

CWE-200

apple

web.nvd.nist.gov

cve-2018-4117

apple

ios

safari

icloud

itunes

windows

watchos

webkit

same origin policy

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

0.003

Percentile

65.3%

JSON

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the “WebKit” component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

Affected configurations

Nvd

Node

applesafariRange<11.1

appleiphone_osRange<11.3

applewatchosRange<4.3

Node

appleicloudRange<7.4

AND

microsoftwindowsMatch-

Node

appleitunesRange<12.7.4

AND

microsoftwindowsMatch-

Node

webkitgtkwebkitgtk\+Range<2.20.4

Node

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch17.10

debiandebian_linuxMatch9.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_workstationMatch6.0

VendorProductVersionCPE
applesafari*cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
applewatchos*cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
appleicloud*cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
appleitunes*cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
webkitgtkwebkitgtk\+*cpe:2.3:a:webkitgtk:webkitgtk\+:*:*:*:*:*:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
canonicalubuntu_linux17.10cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	safari	*	cpe:2.3:a:apple:safari::::::::
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::
apple	watchos	*	cpe:2.3:o:apple:watchos::::::::
apple	icloud	*	cpe:2.3:a:apple:icloud::::::::
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
apple	itunes	*	cpe:2.3:a:apple:itunes::::::::
webkitgtk	webkitgtk\+	*	cpe:2.3:a:webkitgtk:webkitgtk\+::::::::
canonical	ubuntu_linux	16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
canonical	ubuntu_linux	17.10	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
debian	debian_linux	9.0	cpe:2.3:o:debian:debian_linux:9.0:::::::*