CVE-2016-1731

Опубликовано: 14 мар. 2016

Источник: nvd

CVSS3: 5.9

CVSS2: 5

EPSS Низкий

Описание

Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream.

Ссылки

http://www.securityfocus.com/bid/84283
http://www.securitytracker.com/id/1035256
https://support.apple.com/kb/HT206091
Patch
Vendor Advisory
http://www.securityfocus.com/bid/84283
http://www.securitytracker.com/id/1035256
https://support.apple.com/kb/HT206091
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apple:software_update:*:*:*:*:*:*:*:*

Версия до 2.1.3.127 (включая)

EPSS

Процентиль: 46%

0.00234

Низкий

5.9 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-310

Связанные уязвимости

GHSA-84jp-xm4r-m85m