9.8
CVE-2017-2428
- EPSS 2.57%
- Veröffentlicht 02.04.2017 01:59:01
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle product-security@apple.com
- CVE-Watchlists
- Unerledigt
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves nghttp2 before 1.17.0 in the "HTTPProtocol" component. It allows remote HTTP/2 servers to have an unspecified impact via unknown vectors.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.57% | 0.831 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://www.securitytracker.com/id/1038138
https://support.apple.com/HT207615
https://support.apple.com/HT207601
https://support.apple.com/HT207617
https://support.apple.com/HT207602
http://www.securityfocus.com/bid/97146
https://github.com/nghttp2/nghttp2/releases/tag/v1.17.0