ID

VAR-201901-0429


CVE

CVE-2017-13891


TITLE

iOS User interface vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-014362

DESCRIPTION

In iOS before 11.2, an inconsistent user interface issue was addressed through improved state management. Apple iOS is an operating system developed by Apple for mobile devices. SafariViewController is one of its web browser components. A security vulnerability exists in the SafariViewController component in Apple iOS versions prior to 11.2. An attacker can use this vulnerability to forge the content of the address bar by using a malicious website.

Trust: 1.71

sources: NVD: CVE-2017-13891 // JVNDB: JVNDB-2017-014362 // VULHUB: VHN-104559

AFFECTED PRODUCTS

vendor: apple, model: iphone os, scope: lt, version: 11.2

Trust: 1.0

vendor: apple, model: ios, scope: lt, version: 11.2 (iPad Air or later)

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: 11.2 (iPhone 5s or later)

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: 11.2 (iPod touch 6th generation)

Trust: 0.8

vendor: apple, model: iphone os, scope: eq, version: 11.0.3

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 11

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 11.0.1

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 11.0.2

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 11.1

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.3.3

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 10.3.1

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 11.0

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 11.1.1

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 11.1.2

Trust: 0.6

sources: JVNDB: JVNDB-2017-014362 // CNNVD: CNNVD-201901-388 // NVD: CVE-2017-13891

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-13891
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-13891
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201901-388
value: MEDIUM

Trust: 0.6

VULHUB: VHN-104559
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-13891
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-104559
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-13891
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-104559 // JVNDB: JVNDB-2017-014362 // CNNVD: CNNVD-201901-388 // NVD: CVE-2017-13891

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-104559 // JVNDB: JVNDB-2017-014362 // NVD: CVE-2017-13891

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-388

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201901-388

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014362

PATCH

title: HT208334, url: https://support.apple.com/en-us/HT208334

Trust: 0.8

title: HT208334, url: https://support.apple.com/ja-jp/HT208334

Trust: 0.8

title: Apple iOS SafariViewController Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88552

Trust: 0.6

sources: JVNDB: JVNDB-2017-014362 // CNNVD: CNNVD-201901-388

EXTERNAL IDS

db: NVD, id: CVE-2017-13891

Trust: 2.5

db: JVNDB, id: JVNDB-2017-014362

Trust: 0.8

db: CNNVD, id: CNNVD-201901-388

Trust: 0.7

db: VULHUB, id: VHN-104559

Trust: 0.1

sources: VULHUB: VHN-104559 // JVNDB: JVNDB-2017-014362 // CNNVD: CNNVD-201901-388 // NVD: CVE-2017-13891

REFERENCES

url:https://support.apple.com/ht208334

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13891

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-13891

Trust: 0.8

sources: VULHUB: VHN-104559 // JVNDB: JVNDB-2017-014362 // CNNVD: CNNVD-201901-388 // NVD: CVE-2017-13891

SOURCES

db: VULHUB, id: VHN-104559
db: JVNDB, id: JVNDB-2017-014362
db: CNNVD, id: CNNVD-201901-388
db: NVD, id: CVE-2017-13891

LAST UPDATE DATE

2024-11-23T22:21:51.704000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-104559, date: 2019-01-17T00:00:00
db: JVNDB, id: JVNDB-2017-014362, date: 2019-02-26T00:00:00
db: CNNVD, id: CNNVD-201901-388, date: 2019-01-14T00:00:00
db: NVD, id: CVE-2017-13891, date: 2024-11-21T03:11:51.853

SOURCES RELEASE DATE

db: VULHUB, id: VHN-104559, date: 2019-01-11T00:00:00
db: JVNDB, id: JVNDB-2017-014362, date: 2019-02-26T00:00:00
db: CNNVD, id: CNNVD-201901-388, date: 2019-01-14T00:00:00
db: NVD, id: CVE-2017-13891, date: 2019-01-11T18:29:00.737