CVE-2016-4676

Опубликовано: 03 фев. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information.

Ссылки

http://seclists.org/fulldisclosure/2016/Oct/89
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/93851
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037087
Third Party Advisory
VDB Entry
https://lists.apple.com/archives/security-announce/2016/Oct/msg00002.html
Mailing List
Vendor Advisory
https://packetstormsecurity.com/files/cve/CVE-2016-4676
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2016/Oct/89
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/93851
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037087
Third Party Advisory
VDB Entry
https://lists.apple.com/archives/security-announce/2016/Oct/msg00002.html
Mailing List
Vendor Advisory
https://packetstormsecurity.com/files/cve/CVE-2016-4676
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

Версия до 10.0.1 (исключая)

cpe:2.3:o:apple:mac_os_x:10.10.5:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.11.6:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.12:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01783

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-x5qv-v22x-8gfj

github

больше 3 лет назад