[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

95906

 
 

909

 
 

77986

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2016-4591

Date: (C)2016-08-25   (M)2017-10-12
 
CVSS Score: 7.8Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 6.9Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: NONE
 Availability: NONE











WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.

Reference:
SECTRACK-1036343
http://www.securityfocus.com/archive/1/archive/1/539295/100/0/threaded
BID-91830
APPLE-SA-2016-07-18-2
APPLE-SA-2016-07-18-4
APPLE-SA-2016-07-18-5
http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html
https://support.apple.com/HT206900
https://support.apple.com/HT206902
https://support.apple.com/HT206905

CPE    1
cpe:/a:apple:webkit
CWE    1
CWE-284
OVAL    5
oval:org.secpod.oval:def:703263
oval:org.secpod.oval:def:36266
oval:org.secpod.oval:def:111258
oval:org.secpod.oval:def:111281
...

© 2013 SecPod Technologies