6.1

CVE-2017-7153

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted web site that sends a 401 Unauthorized redirect.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleSafari Version < 11.0.2
AppleiPhone OS Version < 11.2
AppletvOS Version < 11.2
ApplewatchOS Version < 4.2
AppleiCloud Version < 7.2
   MicrosoftWindows Version-
AppleiTunes Version < 12.7.2
   MicrosoftWindows Version-
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version17.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.91% 0.771
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://support.apple.com/HT208325
Vendor Advisory
https://support.apple.com/HT208327
Vendor Advisory
https://support.apple.com/HT208334
Vendor Advisory
https://support.apple.com/HT208324
Vendor Advisory
https://support.apple.com/HT208326
Vendor Advisory
https://support.apple.com/HT208328
Vendor Advisory
https://usn.ubuntu.com/3551-1/
Third Party Advisory