Ubuntu.comUB:CVE-2016-4763CVE-2016-4763
4.9 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
0.001 Low
EPSS
Percentile
50.3%
WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on
Windows, and Safari before 10 does not properly verify X.509 certificates
from HTTPS servers, which allows man-in-the-middle attackers to spoof
servers and obtain sensitive information via a crafted certificate.
Notes
| Author | Note |
|---|---|
| jdstrand | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 |
References
lists.apple.com/archives/security-announce/2016/Sep/msg00007.html
lists.apple.com/archives/security-announce/2016/Sep/msg00008.html
lists.apple.com/archives/security-announce/2016/Sep/msg00012.html
launchpad.net/bugs/cve/CVE-2016-4763
nvd.nist.gov/vuln/detail/CVE-2016-4763
security-tracker.debian.org/tracker/CVE-2016-4763
support.apple.com/HT207143
support.apple.com/HT207157
support.apple.com/HT207158
www.cve.org/CVERecord?id=CVE-2016-4763
Related
4.9 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
0.001 Low
EPSS
Percentile
50.3%