Main Vulnerability Database Vulnerabilities #VU33476

#VU33476 Information disclosure - CVE-2017-2364

Published: February 20, 2017 / Updated: August 4, 2020

Vulnerability identifier: #VU33476

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2017-2364

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:

Software vendor:

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

Remediation

Install update from vendor's website.

External links

http://www.securityfocus.com/bid/95725
http://www.securitytracker.com/id/1037668
http://www.securitytracker.com/id/1038137
https://security.gentoo.org/glsa/201706-15
https://support.apple.com/HT207482
https://support.apple.com/HT207484
https://www.exploit-db.com/exploits/41799/