Details of VAR-201605-0469

ID

VAR-201605-0469

CVE

CVE-2016-1842

TITLE

plural Apple Product MapKit Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2016-002837

DESCRIPTION

MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy a third party HTTP By intercepting the traffic network, important information may be obtained. Attackers can exploit this issue to gain unauthorized access, and obtain potentially sensitive information. This may lead to further attacks. in the United States. Apple iOS is an operating system developed for mobile devices; watchOS is a smart watch operating system; OS X El Capitan is a dedicated operating system developed for Mac computers. MapKit is one of the map framework components. The vulnerability stems from the program's improper handling of HTTP and HTTPS requests. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-05-16-3 watchOS 2.2.1 watchOS 2.2.1 is now available and addresses the following: CommonCrypto Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to leak sensitive user information Description: An issue existed in the handling of return values in CCCrypt. This issue was addressed through improved key length management. CVE-ID CVE-2016-1802 : Klaus Rodewig CoreCapture Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working with Trend Micro’s Zero Day Initiative Disk Images Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local attacker may be able to read kernel memory Description: A race condition was addressed through improved locking. CVE-ID CVE-2016-1807 : Ian Beer of Google Project Zero Disk Images Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro ImageIO Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted image may lead to a denial of service Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1811 : Lander Brandt (@landaire) IOAcceleratorFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro working with Trend Micro's Zero Day Initiative CVE-2016-1818 : Juwei Lin of TrendMicro IOAcceleratorFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed through improved locking. CVE-ID CVE-2016-1819 : Ian Beer of Google Project Zero IOAcceleratorFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1813 : Ian Beer of Google Project Zero IOHIDFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1823 : Ian Beer of Google Project Zero CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1827 : Brandon Azad CVE-2016-1828 : Brandon Azad CVE-2016-1829 : CESG CVE-2016-1830 : Brandon Azad libc Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1832 : Karl Williamson libxml2 Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1833 : Mateusz Jurczyk CVE-2016-1834 : Apple CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-1838 : Mateusz Jurczyk CVE-2016-1839 : Mateusz Jurczyk CVE-2016-1840 : Kostya Serebryany libxslt Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1841 : Sebastian Apelt MapKit Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: Shared links were sent with HTTP rather than HTTPS. This was addressed by enabling HTTPS for shared links. CVE-ID CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak) OpenGL Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJXOj0CAAoJEIOj74w0bLRGQZQQAIkIZEoM5s1QxnUBiXf92Fyg dAy3f7e/+YiTIdUHFdWmK+/bj4lB3+nUDc6UXx/JjVaNBF4wHkjXyOWIyi/z0CBZ mAcUuaN1oGh8J3krr8GBjhXyzhBj0z2c9o/7GuOdSFMuaTE84bf3qVAxlE30F9U6 wBJztbJfMi8simqBxSTIG7h1iOI5b8+GqOhBv1/IwvGCd2e9xUs7Vcqr/O3ZmWPc E8gzDGteNFpx9fK75fWsTi/M4Z81QAbuzEnB4fKA1pWyErjYrYIE1iLsfjZ9GpJW LoB9HMmeTtCrHAzSJ2E6aYJorb784mGgX45Hsrzl8auYPhi+1mxAjYX5p3UA4cvr fm47wQQ5+dwVOoB9u3DpSASeJE1Nv3wjgUeG52qLKr4fRaDolm4B81qrwvSm/54p H/kpBscIRkjDhZddCZme3mKZaICa5sZTiIT4LkYUtNzqG+n6u90CUXmhzfN8lPcE P2tm92e6nZjWi7kYStJMoFIHo1/kbKpF2g/5RwjzayZ4nBh1YrxqKmIL2FZKbbfS fYyvccAEevurZtMtYckx8e3LyMFZTHgNKjBwW1F/X2EKLOhUeugKUDIdiCUwd1Bi jEGMh/Q7/ffCH3Fqc4uwzj/gN5m+6oPAHpfVaa+HTRdce9Pg0eIcAMFkNLQIh8xa 9KEVtUytt+3iXZKwT2pg =VENn -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2016-1842 // JVNDB: JVNDB-2016-002837 // BID: 90692 // VULHUB: VHN-90661 // PACKETSTORM: 137080

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	9.3.1	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lte	version:	2.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lte	version:	10.11.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11 and later	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.3.2 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.3.2 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.3.2 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2.2.1 (apple watch edition	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2.2.1 (apple watch hermes)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2.2.1 (apple watch sport)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2.2.1 (apple watch)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	eq	version:	2.2	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	9.3.1	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.4	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 90692 // JVNDB: JVNDB-2016-002837 // CNNVD: CNNVD-201605-505 // NVD: CVE-2016-1842

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1842
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-1842
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201605-505
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-90661
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-1842
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90661
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1842
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-90661 // JVNDB: JVNDB-2016-002837 // CNNVD: CNNVD-201605-505 // NVD: CVE-2016-1842

PROBLEMTYPE DATA

problemtype:	CWE-284	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-90661 // JVNDB: JVNDB-2016-002837 // NVD: CVE-2016-1842

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201605-505

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201605-505

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002837

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-05-16-2 iOS 9.3.2	url:	http://lists.apple.com/archives/security-announce/2016/May/msg00002.html	Trust: 0.8
title:	APPLE-SA-2016-05-16-3 watchOS 2.2.1	url:	http://lists.apple.com/archives/security-announce/2016/May/msg00003.html	Trust: 0.8
title:	APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update 2016-003	url:	http://lists.apple.com/archives/security-announce/2016/May/msg00004.html	Trust: 0.8
title:	HT206567	url:	https://support.apple.com/en-us/HT206567	Trust: 0.8
title:	HT206568	url:	https://support.apple.com/en-us/HT206568	Trust: 0.8
title:	HT206566	url:	https://support.apple.com/en-us/HT206566	Trust: 0.8
title:	HT206566	url:	https://support.apple.com/ja-jp/HT206566	Trust: 0.8
title:	HT206567	url:	https://support.apple.com/ja-jp/HT206567	Trust: 0.8
title:	HT206568	url:	https://support.apple.com/ja-jp/HT206568	Trust: 0.8
title:	Apple iOS , watchOS and OS X El Capitan MapKit Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61819	Trust: 0.6

sources: JVNDB: JVNDB-2016-002837 // CNNVD: CNNVD-201605-505

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1842	Trust: 2.9
db:	SECTRACK	id:	1035890	Trust: 1.1
db:	JVN	id:	JVNVU91632741	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-002837	Trust: 0.8
db:	CNNVD	id:	CNNVD-201605-505	Trust: 0.7
db:	BID	id:	90692	Trust: 0.4
db:	VULHUB	id:	VHN-90661	Trust: 0.1
db:	PACKETSTORM	id:	137080	Trust: 0.1

sources: VULHUB: VHN-90661 // BID: 90692 // JVNDB: JVNDB-2016-002837 // PACKETSTORM: 137080 // CNNVD: CNNVD-201605-505 // NVD: CVE-2016-1842

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2016/may/msg00002.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2016/may/msg00003.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2016/may/msg00004.html	Trust: 1.7
url:	https://support.apple.com/ht206566	Trust: 1.7
url:	https://support.apple.com/ht206567	Trust: 1.7
url:	https://support.apple.com/ht206568	Trust: 1.7
url:	http://www.securitytracker.com/id/1035890	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1842	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu91632741/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1842	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1823	Trust: 0.1
url:	https://support.apple.com/kb/ht201222	Trust: 0.1
url:	https://gpgtools.org	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1836	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1829	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1837	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1817	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1839	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1819	Trust: 0.1
url:	https://www.linkedin.com/in/rshupak)	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1803	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1827	Trust: 0.1
url:	https://support.apple.com/en-us/ht204641	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1808	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1830	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1813	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1811	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1847	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1828	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1838	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1833	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1807	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1842	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1834	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1818	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1802	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1841	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1840	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1824	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1832	Trust: 0.1

sources: VULHUB: VHN-90661 // BID: 90692 // JVNDB: JVNDB-2016-002837 // PACKETSTORM: 137080 // CNNVD: CNNVD-201605-505 // NVD: CVE-2016-1842

CREDITS

Richard Shupak

Trust: 0.3

sources: BID: 90692

SOURCES

db:	VULHUB	id:	VHN-90661
db:	BID	id:	90692
db:	JVNDB	id:	JVNDB-2016-002837
db:	PACKETSTORM	id:	137080
db:	CNNVD	id:	CNNVD-201605-505
db:	NVD	id:	CVE-2016-1842

LAST UPDATE DATE

2025-04-13T22:53:49.679000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90661	date:	2016-12-01T00:00:00
db:	BID	id:	90692	date:	2016-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2016-002837	date:	2016-05-23T00:00:00
db:	CNNVD	id:	CNNVD-201605-505	date:	2016-05-25T00:00:00
db:	NVD	id:	CVE-2016-1842	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90661	date:	2016-05-20T00:00:00
db:	BID	id:	90692	date:	2016-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2016-002837	date:	2016-05-23T00:00:00
db:	PACKETSTORM	id:	137080	date:	2016-05-17T15:59:22
db:	CNNVD	id:	CNNVD-201605-505	date:	2016-05-20T00:00:00
db:	NVD	id:	CVE-2016-1842	date:	2016-05-20T10:59:56.190