exploitDog

CVE-2013-0974

Опубликовано: 29 янв. 2013

Источник: nvd

CVSS2: 5.1

EPSS Низкий

Описание

StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the preferences configuration of Mobile Safari, which allows remote attackers to bypass intended access restrictions and execute JavaScript code via a web site with a Smart App Banner.

Ссылки

http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html
Vendor Advisory
http://osvdb.org/89658
http://support.apple.com/kb/HT5642
Vendor Advisory
http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html
Vendor Advisory
http://osvdb.org/89658
http://support.apple.com/kb/HT5642
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия до 6.0.2 (включая)

cpe:2.3:o:apple:iphone_os:6.0:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:6.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.00254

Низкий

5.1 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-8w2f-ww3v-rhjq

github

больше 3 лет назад

StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the preferences configuration of Mobile Safari, which allows remote attackers to bypass intended access restrictions and execute JavaScript code via a web site with a Smart App Banner.

EPSS

Процентиль: 48%

0.00254

Низкий

5.1 Medium

CVSS2

Дефекты

NVD-CWE-Other