CVE-2016-4604

Опубликовано: 22 июл. 2016

Источник: nvd

CVSS3: 5.4

CVSS2: 5.8

EPSS Низкий

Описание

Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number.

Ссылки

http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html
Mailing List
http://www.securityfocus.com/bid/91825
http://www.securitytracker.com/id/1036344
https://support.apple.com/HT206902
Vendor Advisory
http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html
Mailing List
http://www.securityfocus.com/bid/91825
http://www.securitytracker.com/id/1036344
https://support.apple.com/HT206902
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия до 9.3.2 (включая)

EPSS

Процентиль: 58%

0.00366

Низкий

5.4 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-2fph-f2f6-cpgm