Vulnerability-Lookup

CVE-2016-4591 (GCVE-0-2016-4591)

Vulnerability from cvelistv5 – Published: 2016-07-22 01:00 – Updated: 2024-08-06 00:32

Summary

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

CNVD-2016-05773

Vulnerability from cnvd - Published: 2016-08-01

Title

多款Apple产品WebKit未授权访问漏洞

Description

Apple iOS、Safari和tvOS都是美国苹果（Apple）公司的产品。Apple iOS是为移动设备所开发的一套操作系统；Safari是一款Web浏览器，是Mac OS X和iOS操作系统附带的默认浏览器；tvOS是一套智能电视操作系统。WebKit是KDE社区开发的一套开源Web浏览器引擎，目前被Apple Safari及Google Chrome等浏览器使用。 Apple iOS 9.3.3之前版本、Safari 9.1.2之前版本和tvOS 9.2.2之前版本中的WebKit中存在未授权访问漏洞，该漏洞源于程序错误处理location变量。远程攻击者可利用该漏洞访问本地文件系统。

Severity

高

Patch Name

多款Apple产品WebKit未授权访问漏洞的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： https://support.apple.com/HT206905

Reference

https://support.apple.com/HT206905

Impacted products

Name
['Apple IOS <9.3.3', 'Apple tvOS <9.2.2', 'Apple Safari <9.1.2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-4591"
    }
  },
  "description": "Apple iOS\u3001Safari\u548ctvOS\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\uff1bSafari\u662f\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\uff1btvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002WebKit\u662fKDE\u793e\u533a\u5f00\u53d1\u7684\u4e00\u5957\u5f00\u6e90Web\u6d4f\u89c8\u5668\u5f15\u64ce\uff0c\u76ee\u524d\u88abApple Safari\u53caGoogle Chrome\u7b49\u6d4f\u89c8\u5668\u4f7f\u7528\u3002\r\n\r\nApple iOS 9.3.3\u4e4b\u524d\u7248\u672c\u3001Safari 9.1.2\u4e4b\u524d\u7248\u672c\u548ctvOS 9.2.2\u4e4b\u524d\u7248\u672c\u4e2d\u7684WebKit\u4e2d\u5b58\u5728\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u9519\u8bef\u5904\u7406location\u53d8\u91cf\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u3002",
  "discovererName": "ma.la of LINE Corporation",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://support.apple.com/HT206905",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-05773",
  "openTime": "2016-08-01",
  "patchDescription": "Apple iOS\u3001Safari\u548ctvOS\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\uff1bSafari\u662f\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\uff1btvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002WebKit\u662fKDE\u793e\u533a\u5f00\u53d1\u7684\u4e00\u5957\u5f00\u6e90Web\u6d4f\u89c8\u5668\u5f15\u64ce\uff0c\u76ee\u524d\u88abApple Safari\u53caGoogle Chrome\u7b49\u6d4f\u89c8\u5668\u4f7f\u7528\u3002\r\n\r\nApple iOS 9.3.3\u4e4b\u524d\u7248\u672c\u3001Safari 9.1.2\u4e4b\u524d\u7248\u672c\u548ctvOS 9.2.2\u4e4b\u524d\u7248\u672c\u4e2d\u7684WebKit\u4e2d\u5b58\u5728\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u9519\u8bef\u5904\u7406location\u53d8\u91cf\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eApple\u4ea7\u54c1WebKit\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple IOS \u003c9.3.3",
      "Apple tvOS \u003c9.2.2",
      "Apple Safari \u003c9.1.2"
    ]
  },
  "referenceLink": "https://support.apple.com/HT206905",
  "serverity": "\u9ad8",
  "submitTime": "2016-07-28",
  "title": "\u591a\u6b3eApple\u4ea7\u54c1WebKit\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e"
}

FKIE_CVE-2016-4591

Vulnerability from fkie_nvd - Published: 2016-07-22 02:59 - Updated: 2025-04-12 10:46

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html	Mailing List, Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html	Mailing List, Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html	Mailing List, Vendor Advisory
product-security@apple.com	http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html	Third Party Advisory, VDB Entry
product-security@apple.com	http://www.securityfocus.com/archive/1/539295/100/0/threaded	Third Party Advisory, VDB Entry
product-security@apple.com	http://www.securityfocus.com/bid/91830	Third Party Advisory, VDB Entry
product-security@apple.com	http://www.securitytracker.com/id/1036343	Third Party Advisory, VDB Entry
product-security@apple.com	https://support.apple.com/HT206900	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT206902	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT206905	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/539295/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/91830	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036343	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT206900	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT206902	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT206905	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	webkit	*
apple	safari	*
apple	iphone_os	*
apple	tvos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "461EFB63-7933-488C-BB4E-7C913364F5A9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B608DDE-2886-440E-A78B-4B6305BE37E8",
              "versionEndExcluding": "9.1.2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "58AFFDB5-B32E-4283-968F-BBFA4CAAC2E1",
              "versionEndExcluding": "9.3.3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE82A10D-FF16-469F-9CC0-D97EE6B694BA",
              "versionEndExcluding": "9.2.2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Webkit en Apple iOS en versiones anteriores a 9.3.3, Safari en versiones anteriores a 9.1.2 y tvOS en versiones anteriores a 9.2.2 no maneja correctamente la variable de localizaci\u00f3n, lo que permite a atacantes remotos acceder al sistema de archivos local a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2016-4591",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-07-22T02:59:14.473",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/539295/100/0/threaded"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/91830"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036343"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT206900"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT206902"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT206905"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/539295/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/91830"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036343"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT206900"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT206902"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT206905"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2016-AVI-239

Vulnerability from certfr_avis - Published: 2016-07-19 - Updated: 2016-07-19

De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple tvOS versions antérieures à 9.2.2
Apple	N/A	Apple iTunes pour Windows versions antérieures à 12.4.2
Apple	N/A	Apple iCloud pour Windows versions antérieures à 5.2.1
Apple	Safari	Apple Safari versions antérieures à 9.1.2
Apple	N/A	Apple watchOS versions antérieures à 2.2.2
Apple	N/A	Apple OS X El Capitan versions antérieures à 10.11.6 et sans la mise à jour de sécurité 2016-004
Apple	N/A	Apple iOS versions antérieures à 9.3.3

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT206902 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206905 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206903 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206901 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206904 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206899 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206900 du 18 juillet 2016	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple tvOS versions ant\u00e9rieures \u00e0 9.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iTunes pour Windows versions ant\u00e9rieures \u00e0 12.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iCloud pour Windows versions ant\u00e9rieures \u00e0 5.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Safari versions ant\u00e9rieures \u00e0 9.1.2",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple watchOS versions ant\u00e9rieures \u00e0 2.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple OS X El Capitan versions ant\u00e9rieures \u00e0 10.11.6 et sans la mise \u00e0 jour de s\u00e9curit\u00e9 2016-004",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iOS versions ant\u00e9rieures \u00e0 9.3.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-4650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4650"
    },
    {
      "name": "CVE-2016-1865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1865"
    },
    {
      "name": "CVE-2016-4584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4584"
    },
    {
      "name": "CVE-2016-4645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4645"
    },
    {
      "name": "CVE-2016-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4609"
    },
    {
      "name": "CVE-2016-4648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4648"
    },
    {
      "name": "CVE-2016-4629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4629"
    },
    {
      "name": "CVE-2016-4601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4601"
    },
    {
      "name": "CVE-2016-4600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4600"
    },
    {
      "name": "CVE-2016-4646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4646"
    },
    {
      "name": "CVE-2016-4623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4623"
    },
    {
      "name": "CVE-2016-4582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4582"
    },
    {
      "name": "CVE-2016-2105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2105"
    },
    {
      "name": "CVE-2016-2176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2176"
    },
    {
      "name": "CVE-2016-4595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4595"
    },
    {
      "name": "CVE-2016-4447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
    },
    {
      "name": "CVE-2016-4448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
    },
    {
      "name": "CVE-2016-4614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4614"
    },
    {
      "name": "CVE-2016-0718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0718"
    },
    {
      "name": "CVE-2016-4589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4589"
    },
    {
      "name": "CVE-2016-4627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4627"
    },
    {
      "name": "CVE-2016-1863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1863"
    },
    {
      "name": "CVE-2016-4631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4631"
    },
    {
      "name": "CVE-2016-4615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4615"
    },
    {
      "name": "CVE-2016-4632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4632"
    },
    {
      "name": "CVE-2016-1684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
    },
    {
      "name": "CVE-2016-4598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4598"
    },
    {
      "name": "CVE-2016-2107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
    },
    {
      "name": "CVE-2016-4649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4649"
    },
    {
      "name": "CVE-2016-4621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4621"
    },
    {
      "name": "CVE-2016-4592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4592"
    },
    {
      "name": "CVE-2016-1836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
    },
    {
      "name": "CVE-2016-4624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4624"
    },
    {
      "name": "CVE-2016-4634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4634"
    },
    {
      "name": "CVE-2016-2106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2106"
    },
    {
      "name": "CVE-2016-4619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4619"
    },
    {
      "name": "CVE-2016-4596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4596"
    },
    {
      "name": "CVE-2016-4588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4588"
    },
    {
      "name": "CVE-2016-4610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4610"
    },
    {
      "name": "CVE-2016-4637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4637"
    },
    {
      "name": "CVE-2016-4597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4597"
    },
    {
      "name": "CVE-2016-4599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4599"
    },
    {
      "name": "CVE-2016-4633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4633"
    },
    {
      "name": "CVE-2016-4612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4612"
    },
    {
      "name": "CVE-2016-4605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4605"
    },
    {
      "name": "CVE-2016-4587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4587"
    },
    {
      "name": "CVE-2016-4602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4602"
    },
    {
      "name": "CVE-2016-4652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4652"
    },
    {
      "name": "CVE-2016-4586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4586"
    },
    {
      "name": "CVE-2016-4607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4607"
    },
    {
      "name": "CVE-2016-4594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4594"
    },
    {
      "name": "CVE-2016-1864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1864"
    },
    {
      "name": "CVE-2016-4641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4641"
    },
    {
      "name": "CVE-2016-4647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4647"
    },
    {
      "name": "CVE-2016-4583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4583"
    },
    {
      "name": "CVE-2014-9862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9862"
    },
    {
      "name": "CVE-2016-4625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4625"
    },
    {
      "name": "CVE-2016-4616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4616"
    },
    {
      "name": "CVE-2016-4590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4590"
    },
    {
      "name": "CVE-2016-4640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4640"
    },
    {
      "name": "CVE-2016-4603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4603"
    },
    {
      "name": "CVE-2016-4585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4585"
    },
    {
      "name": "CVE-2016-4593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4593"
    },
    {
      "name": "CVE-2016-4635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4635"
    },
    {
      "name": "CVE-2016-4608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4608"
    },
    {
      "name": "CVE-2016-4638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4638"
    },
    {
      "name": "CVE-2016-4639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4639"
    },
    {
      "name": "CVE-2016-4591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4591"
    },
    {
      "name": "CVE-2016-4630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4630"
    },
    {
      "name": "CVE-2016-4604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4604"
    },
    {
      "name": "CVE-2016-2109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
    },
    {
      "name": "CVE-2016-2108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
    },
    {
      "name": "CVE-2016-4449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
    },
    {
      "name": "CVE-2016-4622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4622"
    },
    {
      "name": "CVE-2016-4628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4628"
    },
    {
      "name": "CVE-2016-4626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4626"
    },
    {
      "name": "CVE-2016-4651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4651"
    },
    {
      "name": "CVE-2016-4483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4483"
    }
  ],
  "initial_release_date": "2016-07-19T00:00:00",
  "last_revision_date": "2016-07-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2016-AVI-239",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-07-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206902 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206902"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206905 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206905"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206903 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206903"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206901 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206901"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206904 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206904"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206899 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206899"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206900 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206900"
    }
  ]
}

GHSA-528C-RRJ8-7MCH

Vulnerability from github – Published: 2022-05-14 01:16 – Updated: 2022-05-14 01:16

Details

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-4591"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-07-22T02:59:00Z",
    "severity": "HIGH"
  },
  "details": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.",
  "id": "GHSA-528c-rrj8-7mch",
  "modified": "2022-05-14T01:16:36Z",
  "published": "2022-05-14T01:16:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4591"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206900"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206902"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206905"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/539295/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/91830"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036343"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2016-4591

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.

Aliases

CVE-2016-4591

Aliases

CVE-2016-4591

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-4591",
    "description": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.",
    "id": "GSD-2016-4591",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-4591.html",
      "https://ubuntu.com/security/CVE-2016-4591",
      "https://advisories.mageia.org/CVE-2016-4591.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-4591"
      ],
      "details": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.",
      "id": "GSD-2016-4591",
      "modified": "2023-12-13T01:21:18.636389Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2016-4591",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "APPLE-SA-2016-07-18-4",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
          },
          {
            "name": "APPLE-SA-2016-07-18-2",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
          },
          {
            "name": "91830",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/91830"
          },
          {
            "name": "https://support.apple.com/HT206900",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT206900"
          },
          {
            "name": "1036343",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1036343"
          },
          {
            "name": "http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html"
          },
          {
            "name": "20160825 WebKitGTK+ Security Advisory WSA-2016-0005",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/539295/100/0/threaded"
          },
          {
            "name": "https://support.apple.com/HT206905",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT206905"
          },
          {
            "name": "https://support.apple.com/HT206902",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT206902"
          },
          {
            "name": "APPLE-SA-2016-07-18-5",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.1.2",
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.3.3",
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.2.2",
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2016-4591"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2016-07-18-2",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
            },
            {
              "name": "APPLE-SA-2016-07-18-4",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
            },
            {
              "name": "https://support.apple.com/HT206905",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT206905"
            },
            {
              "name": "https://support.apple.com/HT206902",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT206902"
            },
            {
              "name": "APPLE-SA-2016-07-18-5",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html"
            },
            {
              "name": "https://support.apple.com/HT206900",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT206900"
            },
            {
              "name": "91830",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/91830"
            },
            {
              "name": "http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html"
            },
            {
              "name": "1036343",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1036343"
            },
            {
              "name": "20160825 WebKitGTK+ Security Advisory WSA-2016-0005",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/539295/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-03-25T17:04Z",
      "publishedDate": "2016-07-22T02:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-4591 (GCVE-0-2016-4591)

CNVD-2016-05773

FKIE_CVE-2016-4591

CERTFR-2016-AVI-239

Solution

GHSA-528C-RRJ8-7MCH

GSD-2016-4591

Tags

Sightings

Nomenclature