Details of VAR-201702-0190

ID

VAR-201702-0190

CVE

CVE-2016-7762

TITLE

Apple iOS Used in etc. Webkit Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2016-007383

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebKit" component, which allows XSS attacks against Safari. Webkit Contains a cross-site scripting vulnerability.Safari May be subjected to a cross-site scripting attack. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome

Trust: 1.98

sources: NVD: CVE-2016-7762 // JVNDB: JVNDB-2016-007383 // BID: 96337 // VULHUB: VHN-96582

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	10.1.1	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	10.2 (ipad first 4 after generation )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.2 (iphone 5 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.2 (ipod touch first 6 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	10.1.1	Trust: 0.6
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	40	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	30	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios beta	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	10.2	Trust: 0.3

sources: BID: 96337 // JVNDB: JVNDB-2016-007383 // NVD: CVE-2016-7762 // CNNVD: CNNVD-201702-710

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2016-7762
value:	MEDIUM
Trust: 1.8
CNNVD:	CNNVD-201702-710
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-96582
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	TRUE
version:	2.0
Trust: 1.0
NVD:	CVE-2016-7762
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-96582
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.0
NVD:	CVE-2016-7762
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-96582 // JVNDB: JVNDB-2016-007383 // NVD: CVE-2016-7762 // CNNVD: CNNVD-201702-710

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-96582 // JVNDB: JVNDB-2016-007383 // NVD: CVE-2016-7762

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-710

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201702-710

CONFIGURATIONS

sources: NVD: CVE-2016-7762

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/ht201222	Trust: 0.8
title:	APPLE-SA-2016-12-12-1 iOS 10.2	url:	https://lists.apple.com/archives/security-announce/2016/dec/msg00000.html	Trust: 0.8
title:	HT207422	url:	https://support.apple.com/en-us/ht207422	Trust: 0.8
title:	HT207422	url:	https://support.apple.com/ja-jp/ht207422	Trust: 0.8
title:	Apple iOS WebKit Fixes for component cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68143	Trust: 0.6

sources: JVNDB: JVNDB-2016-007383 // CNNVD: CNNVD-201702-710

EXTERNAL IDS

db:	NVD	id:	CVE-2016-7762	Trust: 2.8
db:	JVN	id:	JVNVU93979172	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-007383	Trust: 0.8
db:	CNNVD	id:	CNNVD-201702-710	Trust: 0.7
db:	BID	id:	96337	Trust: 0.4
db:	VULHUB	id:	VHN-96582	Trust: 0.1

sources: VULHUB: VHN-96582 // BID: 96337 // JVNDB: JVNDB-2016-007383 // NVD: CVE-2016-7762 // CNNVD: CNNVD-201702-710

REFERENCES

url:	https://support.apple.com/ht207422	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7762	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu93979172/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7762	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/ios/	Trust: 0.3
url:	https://support.apple.com/en-us/ht207422	Trust: 0.3

sources: VULHUB: VHN-96582 // BID: 96337 // JVNDB: JVNDB-2016-007383 // NVD: CVE-2016-7762 // CNNVD: CNNVD-201702-710

CREDITS

YongShao (Zhiyong Feng from JDSEC 1aq.com?)

Trust: 0.3

sources: BID: 96337

SOURCES

db:	VULHUB	id:	VHN-96582
db:	BID	id:	96337
db:	JVNDB	id:	JVNDB-2016-007383
db:	NVD	id:	CVE-2016-7762
db:	CNNVD	id:	CNNVD-201702-710

LAST UPDATE DATE

2023-12-18T11:51:42.683000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-96582	date:	2017-02-22T00:00:00
db:	BID	id:	96337	date:	2017-03-07T02:05:00
db:	JVNDB	id:	JVNDB-2016-007383	date:	2017-02-28T00:00:00
db:	NVD	id:	CVE-2016-7762	date:	2017-02-22T15:17:26.327
db:	CNNVD	id:	CNNVD-201702-710	date:	2017-02-22T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-96582	date:	2017-02-20T00:00:00
db:	BID	id:	96337	date:	2017-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2016-007383	date:	2017-02-28T00:00:00
db:	NVD	id:	CVE-2016-7762	date:	2017-02-20T08:59:04.587
db:	CNNVD	id:	CNNVD-201702-710	date:	2017-02-22T00:00:00