5.4

CVE-2016-4590

WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleSafari Version <= 9.1.1
   AppleiPhone OS Version <= 9.3.2
AppleWebKit
   AppleiPhone OS Version <= 9.3.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.46% 0.704
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.4 2.8 2.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html
Mailing List
https://support.apple.com/HT206902
Vendor Advisory
http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html
Mailing List
http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html
http://www.securityfocus.com/archive/1/539295/100/0/threaded
http://www.securitytracker.com/id/1036343
https://support.apple.com/HT206900
Vendor Advisory
http://www.securityfocus.com/bid/91835