Lucene search

Tenable9396.PRM

HistorySep 09, 2016 - 12:00 a.m.

Safari < 9.1 Multiple Vulnerabilities

2016-09-0900:00:00

Tenable

www.tenable.com

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.021 Low

EPSS

Percentile

89.2%

JSON

The version of Safari installed on the remote host is prior or equal to 9.0.3, and is affected by multiple vulnerabilities in the following components :

Libxml2 (2016-1762)
Safari (CVE-2009-2197)
Safari Downloads (CVE-2016-1771)
Safari Top Sites (CVE-2016-1772)
WebKit (CVE-2016-1778, CVE-2016-1779, CVE-2016-1781, CVE-2016-1782, CVE-2016-1783, CVE-2016-1784, CVE-2016-1785, CVE-2016-1786, CVE-2016-1864)
WebKit History (CVE-2016-1784)
WebKit Page Loading (CVE-2016-1785, CVE-2016-1786)

Binary data 9396.prm

VendorProductVersionCPE
applesafaricpe:/a:apple:safari

Vendor	Product	Version	CPE
apple	safari		cpe:/a:apple:safari

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2197

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1771

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1772

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1778

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1779

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1781

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1782

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1783

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1784

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1785

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1786

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1864

support.apple.com/en-us/HT206171

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.021 Low

EPSS

Percentile

89.2%

JSON

Related for 9396.PRM