Details of VAR-201702-0462

ID

VAR-201702-0462

CVE

CVE-2016-7581

TITLE

Apple iOS of Safari Service disruption in components (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-007479

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Safari" component, which allows remote web servers to cause a denial of service via a crafted URL. Apple iOS is prone to an information-disclosure vulnerability and a denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service condition or gain access to unauthorized information. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Safari is one of the web browser components

Trust: 1.98

sources: NVD: CVE-2016-7581 // JVNDB: JVNDB-2016-007479 // BID: 94432 // VULHUB: VHN-96401

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	10.0.3	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	10.1 (ipad first 4 after generation )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.1 (iphone 5 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.1 (ipod touch first 6 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	10.0.3	Trust: 0.6
vendor:	apple	model:	ios	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	40	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	30	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	10.1	Trust: 0.3

sources: BID: 94432 // JVNDB: JVNDB-2016-007479 // CNNVD: CNNVD-201611-478 // NVD: CVE-2016-7581

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-7581
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-7581
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201611-478
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-96401
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-7581
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-96401
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-7581
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-96401 // JVNDB: JVNDB-2016-007479 // CNNVD: CNNVD-201611-478 // NVD: CVE-2016-7581

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-96401 // JVNDB: JVNDB-2016-007479 // NVD: CVE-2016-7581

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-478

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201611-478

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007479

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-10-24-1 iOS 10.1	url:	https://lists.apple.com/archives/security-announce/2016/Oct/msg00000.html	Trust: 0.8
title:	HT207271	url:	https://support.apple.com/en-us/HT207271	Trust: 0.8
title:	HT207271	url:	https://support.apple.com/ja-jp/HT207271	Trust: 0.8
title:	Apple iOS Safari Remediation measures for denial of service vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65815	Trust: 0.6

sources: JVNDB: JVNDB-2016-007479 // CNNVD: CNNVD-201611-478

EXTERNAL IDS

db:	NVD	id:	CVE-2016-7581	Trust: 2.8
db:	BID	id:	94432	Trust: 2.0
db:	JVN	id:	JVNVU90743185	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-007479	Trust: 0.8
db:	CNNVD	id:	CNNVD-201611-478	Trust: 0.7
db:	VULHUB	id:	VHN-96401	Trust: 0.1

sources: VULHUB: VHN-96401 // BID: 94432 // JVNDB: JVNDB-2016-007479 // CNNVD: CNNVD-201611-478 // NVD: CVE-2016-7581

REFERENCES

url:	http://www.securityfocus.com/bid/94432	Trust: 1.7
url:	https://support.apple.com/ht207271	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7581	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu90743185/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7581	Trust: 0.8
url:	https://support.apple.com/en-in/ht207271	Trust: 0.3
url:	http://www.apple.com/ios/	Trust: 0.3

sources: VULHUB: VHN-96401 // BID: 94432 // JVNDB: JVNDB-2016-007479 // CNNVD: CNNVD-201611-478 // NVD: CVE-2016-7581

CREDITS

Elcomsoft and an anonymous researcher

Trust: 0.9

sources: BID: 94432 // CNNVD: CNNVD-201611-478

SOURCES

db:	VULHUB	id:	VHN-96401
db:	BID	id:	94432
db:	JVNDB	id:	JVNDB-2016-007479
db:	CNNVD	id:	CNNVD-201611-478
db:	NVD	id:	CVE-2016-7581

LAST UPDATE DATE

2025-04-20T23:00:49.047000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-96401	date:	2017-02-21T00:00:00
db:	BID	id:	94432	date:	2016-11-24T00:14:00
db:	JVNDB	id:	JVNDB-2016-007479	date:	2017-03-01T00:00:00
db:	CNNVD	id:	CNNVD-201611-478	date:	2017-03-07T00:00:00
db:	NVD	id:	CVE-2016-7581	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-96401	date:	2017-02-20T00:00:00
db:	BID	id:	94432	date:	2016-11-14T00:00:00
db:	JVNDB	id:	JVNDB-2016-007479	date:	2017-03-01T00:00:00
db:	CNNVD	id:	CNNVD-201611-478	date:	2016-11-23T00:00:00
db:	NVD	id:	CVE-2016-7581	date:	2017-02-20T08:59:01.540