Vulnerability-Lookup

CVE-2016-4585 (GCVE-0-2016-4585)

Vulnerability from cvelistv5 – Published: 2016-07-22 01:00 – Updated: 2024-08-06 00:32

Summary

Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari.

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

FKIE_CVE-2016-4585

Vulnerability from fkie_nvd - Published: 2016-07-22 02:59 - Updated: 2025-04-12 10:46

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html	Mailing List, Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html	Mailing List, Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html	Mailing List, Vendor Advisory
product-security@apple.com	http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html	Third Party Advisory, VDB Entry
product-security@apple.com	http://www.securityfocus.com/archive/1/539295/100/0/threaded	Third Party Advisory, VDB Entry
product-security@apple.com	http://www.securityfocus.com/bid/91830	Third Party Advisory, VDB Entry
product-security@apple.com	http://www.securitytracker.com/id/1036343	Third Party Advisory, VDB Entry
product-security@apple.com	https://support.apple.com/HT206900	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT206902	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT206905	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/539295/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/91830	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036343	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT206900	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT206902	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT206905	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	webkit	*
apple	safari	*
apple	iphone_os	*
apple	tvos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "461EFB63-7933-488C-BB4E-7C913364F5A9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B608DDE-2886-440E-A78B-4B6305BE37E8",
              "versionEndExcluding": "9.1.2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "58AFFDB5-B32E-4283-968F-BBFA4CAAC2E1",
              "versionEndExcluding": "9.3.3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE82A10D-FF16-469F-9CC0-D97EE6B694BA",
              "versionEndExcluding": "9.2.2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en la implementaci\u00f3n de WebKit Page Loading en Apple iOS en versiones anteriores a 9.3.3, Safari en versiones anteriores a 9.1.2 y tvOS en versiones anteriores a 9.2.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una respuesta HTTP especificando redirecci\u00f3n que Safari no maneja correctamente."
    }
  ],
  "id": "CVE-2016-4585",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-07-22T02:59:07.910",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/539295/100/0/threaded"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/91830"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036343"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT206900"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT206902"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT206905"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/539295/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/91830"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036343"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT206900"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT206902"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT206905"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-QW3F-692V-R8M2

Vulnerability from github – Published: 2022-05-14 01:19 – Updated: 2022-05-14 01:19

Details

Severity ?

6.1 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-4585"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-07-22T02:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari.",
  "id": "GHSA-qw3f-692v-r8m2",
  "modified": "2022-05-14T01:19:36Z",
  "published": "2022-05-14T01:19:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4585"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206900"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206902"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206905"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/539295/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/91830"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036343"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2016-05668

Vulnerability from cnvd - Published: 2016-07-29

Title

多款Apple产品跨站脚本漏洞

Description

Apple iOS、Safari和tvOS都是美国苹果（Apple）公司的产品。Apple iOS是为移动设备所开发的一套操作系统。Safari是一款Web浏览器，是Mac OS X和iOS操作系统附带的默认浏览器。tvOS是一套智能电视操作系统。WebKit Page Loading是一个WebKit页面加载组件。 Apple iOS 9.3.3之前版本、Safari 9.1.2之前版本和tvOS 9.2.2之前版本中的WebKit Page Loading实现过程中存在跨站脚本漏洞。远程攻击者可利用该漏洞注入任意Web脚本或HTML。

Severity

中

Patch Name

多款Apple产品跨站脚本漏洞的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： https://support.apple.com/HT206900

Reference

https://support.apple.com/HT206900

Impacted products

Name
['Apple IOS <9.3.3', 'Apple tvOS <9.2.2', 'Apple Safari <9.1.2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-4585"
    }
  },
  "description": "Apple iOS\u3001Safari\u548ctvOS\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002Safari\u662f\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002tvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002WebKit Page Loading\u662f\u4e00\u4e2aWebKit\u9875\u9762\u52a0\u8f7d\u7ec4\u4ef6\u3002\r\n\r\nApple iOS 9.3.3\u4e4b\u524d\u7248\u672c\u3001Safari 9.1.2\u4e4b\u524d\u7248\u672c\u548ctvOS 9.2.2\u4e4b\u524d\u7248\u672c\u4e2d\u7684WebKit Page Loading\u5b9e\u73b0\u8fc7\u7a0b\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610fWeb\u811a\u672c\u6216HTML\u3002",
  "discovererName": "Takeshi Terada of Mitsui Bussan Secure Directions, Inc. (www.mbsd.jp)",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://support.apple.com/HT206900",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-05668",
  "openTime": "2016-07-29",
  "patchDescription": "Apple iOS\u3001Safari\u548ctvOS\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002Safari\u662f\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002tvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002WebKit Page Loading\u662f\u4e00\u4e2aWebKit\u9875\u9762\u52a0\u8f7d\u7ec4\u4ef6\u3002\r\n\r\nApple iOS 9.3.3\u4e4b\u524d\u7248\u672c\u3001Safari 9.1.2\u4e4b\u524d\u7248\u672c\u548ctvOS 9.2.2\u4e4b\u524d\u7248\u672c\u4e2d\u7684WebKit Page Loading\u5b9e\u73b0\u8fc7\u7a0b\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610fWeb\u811a\u672c\u6216HTML\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eApple\u4ea7\u54c1\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple IOS \u003c9.3.3",
      "Apple tvOS \u003c9.2.2",
      "Apple Safari \u003c9.1.2"
    ]
  },
  "referenceLink": "https://support.apple.com/HT206900",
  "serverity": "\u4e2d",
  "submitTime": "2016-07-28",
  "title": "\u591a\u6b3eApple\u4ea7\u54c1\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

GSD-2016-4585

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-4585

Aliases

CVE-2016-4585

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-4585",
    "description": "Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari.",
    "id": "GSD-2016-4585",
    "references": [
      "https://ubuntu.com/security/CVE-2016-4585"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-4585"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari.",
      "id": "GSD-2016-4585",
      "modified": "2023-12-13T01:21:18.729064Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2016-4585",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "APPLE-SA-2016-07-18-4",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
          },
          {
            "name": "APPLE-SA-2016-07-18-2",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
          },
          {
            "name": "91830",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/91830"
          },
          {
            "name": "https://support.apple.com/HT206900",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT206900"
          },
          {
            "name": "1036343",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1036343"
          },
          {
            "name": "http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html"
          },
          {
            "name": "20160825 WebKitGTK+ Security Advisory WSA-2016-0005",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/539295/100/0/threaded"
          },
          {
            "name": "https://support.apple.com/HT206905",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT206905"
          },
          {
            "name": "https://support.apple.com/HT206902",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT206902"
          },
          {
            "name": "APPLE-SA-2016-07-18-5",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.1.2",
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.3.3",
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "9.2.2",
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2016-4585"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2016-07-18-2",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
            },
            {
              "name": "APPLE-SA-2016-07-18-4",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
            },
            {
              "name": "https://support.apple.com/HT206905",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT206905"
            },
            {
              "name": "https://support.apple.com/HT206902",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT206902"
            },
            {
              "name": "APPLE-SA-2016-07-18-5",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html"
            },
            {
              "name": "https://support.apple.com/HT206900",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT206900"
            },
            {
              "name": "91830",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/91830"
            },
            {
              "name": "http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html"
            },
            {
              "name": "1036343",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1036343"
            },
            {
              "name": "20160825 WebKitGTK+ Security Advisory WSA-2016-0005",
              "refsource": "BUGTRAQ",
              "tags": [
                "VDB Entry",
                "Third Party Advisory"
              ],
              "url": "http://www.securityfocus.com/archive/1/539295/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2019-03-18T19:44Z",
      "publishedDate": "2016-07-22T02:59Z"
    }
  }
}

CERTFR-2016-AVI-239

Vulnerability from certfr_avis - Published: 2016-07-19 - Updated: 2016-07-19

De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple tvOS versions antérieures à 9.2.2
Apple	N/A	Apple iTunes pour Windows versions antérieures à 12.4.2
Apple	N/A	Apple iCloud pour Windows versions antérieures à 5.2.1
Apple	Safari	Apple Safari versions antérieures à 9.1.2
Apple	N/A	Apple watchOS versions antérieures à 2.2.2
Apple	N/A	Apple OS X El Capitan versions antérieures à 10.11.6 et sans la mise à jour de sécurité 2016-004
Apple	N/A	Apple iOS versions antérieures à 9.3.3

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT206902 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206905 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206903 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206901 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206904 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206899 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206900 du 18 juillet 2016	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple tvOS versions ant\u00e9rieures \u00e0 9.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iTunes pour Windows versions ant\u00e9rieures \u00e0 12.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iCloud pour Windows versions ant\u00e9rieures \u00e0 5.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Safari versions ant\u00e9rieures \u00e0 9.1.2",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple watchOS versions ant\u00e9rieures \u00e0 2.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple OS X El Capitan versions ant\u00e9rieures \u00e0 10.11.6 et sans la mise \u00e0 jour de s\u00e9curit\u00e9 2016-004",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iOS versions ant\u00e9rieures \u00e0 9.3.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-4650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4650"
    },
    {
      "name": "CVE-2016-1865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1865"
    },
    {
      "name": "CVE-2016-4584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4584"
    },
    {
      "name": "CVE-2016-4645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4645"
    },
    {
      "name": "CVE-2016-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4609"
    },
    {
      "name": "CVE-2016-4648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4648"
    },
    {
      "name": "CVE-2016-4629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4629"
    },
    {
      "name": "CVE-2016-4601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4601"
    },
    {
      "name": "CVE-2016-4600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4600"
    },
    {
      "name": "CVE-2016-4646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4646"
    },
    {
      "name": "CVE-2016-4623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4623"
    },
    {
      "name": "CVE-2016-4582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4582"
    },
    {
      "name": "CVE-2016-2105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2105"
    },
    {
      "name": "CVE-2016-2176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2176"
    },
    {
      "name": "CVE-2016-4595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4595"
    },
    {
      "name": "CVE-2016-4447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
    },
    {
      "name": "CVE-2016-4448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
    },
    {
      "name": "CVE-2016-4614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4614"
    },
    {
      "name": "CVE-2016-0718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0718"
    },
    {
      "name": "CVE-2016-4589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4589"
    },
    {
      "name": "CVE-2016-4627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4627"
    },
    {
      "name": "CVE-2016-1863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1863"
    },
    {
      "name": "CVE-2016-4631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4631"
    },
    {
      "name": "CVE-2016-4615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4615"
    },
    {
      "name": "CVE-2016-4632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4632"
    },
    {
      "name": "CVE-2016-1684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
    },
    {
      "name": "CVE-2016-4598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4598"
    },
    {
      "name": "CVE-2016-2107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
    },
    {
      "name": "CVE-2016-4649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4649"
    },
    {
      "name": "CVE-2016-4621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4621"
    },
    {
      "name": "CVE-2016-4592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4592"
    },
    {
      "name": "CVE-2016-1836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
    },
    {
      "name": "CVE-2016-4624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4624"
    },
    {
      "name": "CVE-2016-4634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4634"
    },
    {
      "name": "CVE-2016-2106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2106"
    },
    {
      "name": "CVE-2016-4619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4619"
    },
    {
      "name": "CVE-2016-4596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4596"
    },
    {
      "name": "CVE-2016-4588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4588"
    },
    {
      "name": "CVE-2016-4610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4610"
    },
    {
      "name": "CVE-2016-4637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4637"
    },
    {
      "name": "CVE-2016-4597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4597"
    },
    {
      "name": "CVE-2016-4599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4599"
    },
    {
      "name": "CVE-2016-4633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4633"
    },
    {
      "name": "CVE-2016-4612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4612"
    },
    {
      "name": "CVE-2016-4605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4605"
    },
    {
      "name": "CVE-2016-4587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4587"
    },
    {
      "name": "CVE-2016-4602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4602"
    },
    {
      "name": "CVE-2016-4652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4652"
    },
    {
      "name": "CVE-2016-4586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4586"
    },
    {
      "name": "CVE-2016-4607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4607"
    },
    {
      "name": "CVE-2016-4594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4594"
    },
    {
      "name": "CVE-2016-1864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1864"
    },
    {
      "name": "CVE-2016-4641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4641"
    },
    {
      "name": "CVE-2016-4647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4647"
    },
    {
      "name": "CVE-2016-4583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4583"
    },
    {
      "name": "CVE-2014-9862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9862"
    },
    {
      "name": "CVE-2016-4625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4625"
    },
    {
      "name": "CVE-2016-4616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4616"
    },
    {
      "name": "CVE-2016-4590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4590"
    },
    {
      "name": "CVE-2016-4640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4640"
    },
    {
      "name": "CVE-2016-4603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4603"
    },
    {
      "name": "CVE-2016-4585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4585"
    },
    {
      "name": "CVE-2016-4593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4593"
    },
    {
      "name": "CVE-2016-4635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4635"
    },
    {
      "name": "CVE-2016-4608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4608"
    },
    {
      "name": "CVE-2016-4638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4638"
    },
    {
      "name": "CVE-2016-4639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4639"
    },
    {
      "name": "CVE-2016-4591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4591"
    },
    {
      "name": "CVE-2016-4630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4630"
    },
    {
      "name": "CVE-2016-4604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4604"
    },
    {
      "name": "CVE-2016-2109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
    },
    {
      "name": "CVE-2016-2108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
    },
    {
      "name": "CVE-2016-4449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
    },
    {
      "name": "CVE-2016-4622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4622"
    },
    {
      "name": "CVE-2016-4628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4628"
    },
    {
      "name": "CVE-2016-4626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4626"
    },
    {
      "name": "CVE-2016-4651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4651"
    },
    {
      "name": "CVE-2016-4483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4483"
    }
  ],
  "initial_release_date": "2016-07-19T00:00:00",
  "last_revision_date": "2016-07-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2016-AVI-239",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-07-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206902 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206902"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206905 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206905"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206903 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206903"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206901 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206901"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206904 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206904"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206899 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206899"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206900 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206900"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-4585 (GCVE-0-2016-4585)

FKIE_CVE-2016-4585

GHSA-QW3F-692V-R8M2

CNVD-2016-05668

GSD-2016-4585

CERTFR-2016-AVI-239

Solution

Tags

Sightings

Nomenclature