Details of VAR-201607-0306

ID

VAR-201607-0306

CVE

CVE-2016-4651

TITLE

Apple iOS and Safari Such as WebKit JavaScript Cross-site scripting vulnerability in binding

Trust: 0.8

sources: JVNDB: JVNDB-2016-004045

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a "cross-protocol cross-site scripting (XPXSS)" vulnerability. WebKit is prone to a cross-site scripting and a content spoofing vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit JavaScript Bindings is one of the components that binds the JavaScript engine. =========================================================================== Ubuntu Security Notice USN-3079-1 September 14, 2016 webkit2gtk vulnerabilities =========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Several security issues were fixed in WebKitGTK+. Software Description: - webkit2gtk: JavaScript engine library from WebKitGTK+ - GObject introspection Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.12.5-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 2.12.5-0ubuntu0.16.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-3079-1 CVE-2016-1854, CVE-2016-1856, CVE-2016-1857, CVE-2016-1858, CVE-2016-1859, CVE-2016-4583, CVE-2016-4585, CVE-2016-4586, CVE-2016-4588, CVE-2016-4589, CVE-2016-4590, CVE-2016-4591, CVE-2016-4622, CVE-2016-4623, CVE-2016-4624, CVE-2016-4651 Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.12.5-0ubuntu0.16.04.1 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-07-18-5 Safari 9.1.2 Safari 9.1.2 is now available and addresses the following: WebKit Available for: OS X El Capitan v10.11.6 Impact: Visiting a malicious website may disclose image data from another website Description: A timing issue existed in the processing of SVG. This issue was addressed through improved validation. CVE-2016-4583 : Roeland Krak WebKit Available for: OS X El Capitan v10.11.6 Impact: Visiting a malicious website may lead to user interface spoofing Description: An origin inheritance issue existed in parsing of about: URLs. This was addressed through improved validation of security origins. CVE-2016-4590 : xisigr of Tencent's Xuanwu Lab (www.tencent.com) WebKit Available for: OS X El Capitan v10.11.6 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4586 : Apple CVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks CVE-2016-4622 : Samuel Gross working with Trend Microas Zero Day Initiative CVE-2016-4623 : Apple CVE-2016-4624 : Apple WebKit Available for: OS X El Capitan v10.11.6 Impact: Visiting a maliciously crafted website may result in the disclosure of process memory Description: A memory initialization issue was addressed through improved memory handling. CVE-2016-4592 : Mikhail WebKit Available for: OS X El Capitan v10.11.6 Impact: Visiting a maliciously crafted website may compromise user information on the file system Description: A permissions issue existed in the handling of the location variable. This was addressed though additional ownership checks. CVE-2016-4591 : ma.la of LINE Corporation WebKit JavaScript Bindings Available for: OS X El Capitan v10.11.6 Impact: Visiting a maliciously crafted website may lead to script execution in the context of a non-HTTP service Description: A cross-protocol cross-site scripting (XPXSS) issue existed in Safari when submitting forms to non-HTTP services compatible with HTTP/0.9. This issue was addressed by disabling scripts and plugins on resources loaded over HTTP/0.9. CVE-2016-4651 : Obscure WebKit Page Loading Available for: OS X El Capitan v10.11.6 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. This issue was addressed through improved URL validation on redirection. (www.mbsd.jp) Safari 9.1.2 may be obtained from the Mac App Store. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJXjXBBAAoJEIOj74w0bLRGvW8QAMqOAKm8CnLcqepi5pjP08WT DZavcy5OGT/jah0WRuDSLSWgjWDQvGTsuIXvPr0sJp4ZU+KfpLRr/PP4jaHCEAgb UOf1n42FcVsVdXwNUdyzpEvvRDd3RKzjVDWIi7VAB+dH3sM42C3qPcffJs2+sjOG EQElvmMfAg4chSSCL6+y3l3uNabMk5oJeXJWICB8d1EtZpe5Epyp8GoYOh/JB2IG Lt4Rw0rVG8BYYXWe8vJ0vbHSWMEaixQoDzsxFTxZUUCWBl0GqjM/Bjij+TyHf+lc bb+4zfXPo8WKHad7M9ifl1+s8IzYUmdN3RZ8FFc02M7/i+rU0/HsmuRUxXG6dox3 r9sQKWeWr2xPmiU2pT0XPq95f2iLgt6rAFEfcK0zhLq3QbT5GQh9oyHwjc4c83+H FGUQ8BrstJIGVRqERxI48kvhiH12PRAilEswFAAr9lJu5X+rmw/glSyYfcslkF49 rDZBAGLEFvCNuwjkAsTelvwiC3tAERhfjh33OENMgS43dVOQfwVpOWolOHN4Tqa4 oLIDzx+0+yVjs/IIAZmTdRLV7yDjat1CRN80FOBHkjuqbD8kL8hU45cvoclUjc6J n4rOP1EG4SHph+DLfQiRVKbYWjOSOHWb3KMnkx+J5tuSVpe6FT/lpediznhacs+9 ukIIF2wGmuLEumkEjPi3 =2Qoy -----END PGP SIGNATURE----- . ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2016-0005 ------------------------------------------------------------------------ Date reported : August 25, 2016 Advisory ID : WSA-2016-0005 Advisory URL : https://webkitgtk.org/security/WSA-2016-0005.html CVE identifiers : CVE-2016-4583, CVE-2016-4585, CVE-2016-4586, CVE-2016-4587, CVE-2016-4588, CVE-2016-4589, CVE-2016-4590, CVE-2016-4591, CVE-2016-4592, CVE-2016-4622, CVE-2016-4623, CVE-2016-4624, CVE-2016-4651. Several vulnerabilities were discovered in WebKitGTK+. CVE-2016-4583 Versions affected: WebKitGTK+ before 2.12.2. Credit to Roeland Krak. CVE-2016-4585 Versions affected: WebKitGTK+ before 2.12.1. Credit to Takeshi Terada of Mitsui Bussan Secure Directions, Inc. (www.mbsd.jp). CVE-2016-4586 Versions affected: WebKitGTK+ before 2.12.1. Credit to Apple. CVE-2016-4587 Versions affected: WebKitGTK+ before 2.10.1. Credit to Apple. CVE-2016-4588 Versions affected: WebKitGTK+ before 2.12.3. Credit to Apple. CVE-2016-4589 Versions affected: WebKitGTK+ before 2.12.3. Credit to Tongbo Luo and Bo Qu of Palo Alto Networks. CVE-2016-4590 Versions affected: WebKitGTK+ before 2.12.4. Credit to xisigr of Tencent's Xuanwu Lab (www.tencent.com). CVE-2016-4591 Versions affected: WebKitGTK+ before 2.12.4. Credit to ma.la of LINE Corporation. CVE-2016-4592 Versions affected: WebKitGTK+ before 2.10.5. Credit to Mikhail. CVE-2016-4622 Versions affected: WebKitGTK+ before 2.12.4. Credit to Samuel Gross working with Trend Micro's Zero Day Initiative. CVE-2016-4623 Versions affected: WebKitGTK+ before 2.12.0. Credit to Apple. CVE-2016-4624 Versions affected: WebKitGTK+ before 2.12.4. Credit to Apple. CVE-2016-4651 Versions affected: WebKitGTK+ before 2.12.0. Credit to Obscure. We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases. Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html The WebKitGTK+ team, August 25, 2016

Trust: 2.25

sources: NVD: CVE-2016-4651 // JVNDB: JVNDB-2016-004045 // BID: 91835 // VULHUB: VHN-93470 // PACKETSTORM: 138715 // PACKETSTORM: 137962 // PACKETSTORM: 138502

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	lte	version:	9.1.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lte	version:	9.3.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	9.1.1	Trust: 0.9
vendor:	apple	model:	ios	scope:	lt	version:	9.3.3 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.3.3 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.3.3 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	9.1.2 (os x el capitan v10.11.6)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	9.1.2 (os x mavericks v10.9.5)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	9.1.2 (os x yosemite v10.10.5)	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	9.3.2	Trust: 0.6
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.8	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.8	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.8	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.10	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.34	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.33	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.31	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.31	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.30	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.28	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.52	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.10.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.5	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	40	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	30	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	ne	version:	9.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	9.3.3	Trust: 0.3

sources: BID: 91835 // JVNDB: JVNDB-2016-004045 // CNNVD: CNNVD-201607-899 // NVD: CVE-2016-4651

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-4651
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-4651
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201607-899
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-93470
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-4651
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-93470
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-4651
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-93470 // JVNDB: JVNDB-2016-004045 // CNNVD: CNNVD-201607-899 // NVD: CVE-2016-4651

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-93470 // JVNDB: JVNDB-2016-004045 // NVD: CVE-2016-4651

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 138715 // CNNVD: CNNVD-201607-899

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201607-899

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004045

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-07-18-5 Safari 9.1.2	url:	http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html	Trust: 0.8
title:	APPLE-SA-2016-07-18-2 iOS 9.3.3	url:	http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html	Trust: 0.8
title:	HT206902	url:	https://support.apple.com/en-us/HT206902	Trust: 0.8
title:	HT206900	url:	https://support.apple.com/en-us/HT206900	Trust: 0.8
title:	HT206900	url:	https://support.apple.com/ja-jp/HT206900	Trust: 0.8
title:	HT206902	url:	https://support.apple.com/ja-jp/HT206902	Trust: 0.8
title:	Apple iOS and Safari WebKit JavaScript Fixes for binding cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63259	Trust: 0.6

sources: JVNDB: JVNDB-2016-004045 // CNNVD: CNNVD-201607-899

EXTERNAL IDS

db:	NVD	id:	CVE-2016-4651	Trust: 3.1
db:	BID	id:	91835	Trust: 1.4
db:	PACKETSTORM	id:	138502	Trust: 1.2
db:	SECTRACK	id:	1036343	Trust: 1.1
db:	JVN	id:	JVNVU94844193	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-004045	Trust: 0.8
db:	CNNVD	id:	CNNVD-201607-899	Trust: 0.7
db:	ZDI	id:	ZDI-16-432	Trust: 0.6
db:	VULHUB	id:	VHN-93470	Trust: 0.1
db:	PACKETSTORM	id:	138715	Trust: 0.1
db:	PACKETSTORM	id:	137962	Trust: 0.1

sources: VULHUB: VHN-93470 // BID: 91835 // JVNDB: JVNDB-2016-004045 // PACKETSTORM: 138715 // PACKETSTORM: 137962 // PACKETSTORM: 138502 // CNNVD: CNNVD-201607-899 // NVD: CVE-2016-4651

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2016/jul/msg00001.html	Trust: 1.1
url:	http://lists.apple.com/archives/security-announce/2016/jul/msg00004.html	Trust: 1.1
url:	http://www.securityfocus.com/bid/91835	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/539295/100/0/threaded	Trust: 1.1
url:	https://support.apple.com/ht206900	Trust: 1.1
url:	https://support.apple.com/ht206902	Trust: 1.1
url:	http://packetstormsecurity.com/files/138502/webkitgtk-sop-bypass-information-disclosure.html	Trust: 1.1
url:	http://www.securitytracker.com/id/1036343	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4651	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu94844193/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4651	Trust: 0.8
url:	http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html	Trust: 0.6
url:	http://zerodayinitiative.com/advisories/zdi-16-432/	Trust: 0.6
url:	https://support.apple.com/ht206903	Trust: 0.6
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/safari/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4623	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4651	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4586	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4591	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4583	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4590	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4624	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4589	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4622	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4585	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4588	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4592	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4587	Trust: 0.2
url:	http://www.ubuntu.com/usn/usn-3079-1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1854	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1856	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/webkit2gtk/2.12.5-0ubuntu0.16.04.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1859	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1857	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1858	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4584	Trust: 0.1
url:	https://gpgtools.org	Trust: 0.1
url:	https://www.mbsd.jp)	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	http://support.apple.com/kb/ht201222	Trust: 0.1
url:	https://www.tencent.com)	Trust: 0.1
url:	https://webkitgtk.org/security/wsa-2016-0005.html	Trust: 0.1
url:	https://webkitgtk.org/security.html	Trust: 0.1
url:	https://www.mbsd.jp).	Trust: 0.1
url:	https://www.tencent.com).	Trust: 0.1

CREDITS

Obscure and xisigr of Tencent's Xuanwu Lab

Trust: 0.3

sources: BID: 91835

SOURCES

db:	VULHUB	id:	VHN-93470
db:	BID	id:	91835
db:	JVNDB	id:	JVNDB-2016-004045
db:	PACKETSTORM	id:	138715
db:	PACKETSTORM	id:	137962
db:	PACKETSTORM	id:	138502
db:	CNNVD	id:	CNNVD-201607-899
db:	NVD	id:	CVE-2016-4651

LAST UPDATE DATE

2025-04-13T22:24:58.810000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-93470	date:	2018-10-09T00:00:00
db:	BID	id:	91835	date:	2016-07-18T00:00:00
db:	JVNDB	id:	JVNDB-2016-004045	date:	2016-07-29T00:00:00
db:	CNNVD	id:	CNNVD-201607-899	date:	2016-07-26T00:00:00
db:	NVD	id:	CVE-2016-4651	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-93470	date:	2016-07-22T00:00:00
db:	BID	id:	91835	date:	2016-07-18T00:00:00
db:	JVNDB	id:	JVNDB-2016-004045	date:	2016-07-29T00:00:00
db:	PACKETSTORM	id:	138715	date:	2016-09-14T16:52:04
db:	PACKETSTORM	id:	137962	date:	2016-07-19T20:05:55
db:	PACKETSTORM	id:	138502	date:	2016-08-25T04:44:44
db:	CNNVD	id:	CNNVD-201607-899	date:	2016-07-26T00:00:00
db:	NVD	id:	CVE-2016-4651	date:	2016-07-22T03:00:09.137