Описание
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.
Ссылки
- Mailing ListVendor Advisory
- Mailing ListVendor Advisory
- Mailing ListVendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Mailing ListVendor Advisory
- Mailing ListVendor Advisory
- Mailing ListVendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 9.1.2 (исключая)Версия до 9.3.3 (исключая)Версия до 9.2.2 (исключая)
Одновременно
cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*
Одно из
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
EPSS
Процентиль: 86%
0.02713
Низкий
7.5 High
CVSS3
7.8 High
CVSS2
Дефекты
CWE-284
Связанные уязвимости
CVSS3: 7.5
ubuntu
больше 9 лет назад
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.
CVSS3: 7.5
debian
больше 9 лет назад
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...
CVSS3: 7.5
github
больше 3 лет назад
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.
EPSS
Процентиль: 86%
0.02713
Низкий
7.5 High
CVSS3
7.8 High
CVSS2
Дефекты
CWE-284