Main Vulnerability Database Vulnerabilities #VU33477

#VU33477 Information disclosure - CVE-2017-2365

Published: February 20, 2017 / Updated: August 4, 2020

Vulnerability identifier: #VU33477

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2017-2365

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:

Software vendor:

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

Remediation

Install update from vendor's website.

External links

http://www.securityfocus.com/bid/95727
http://www.securitytracker.com/id/1037668
https://security.gentoo.org/glsa/201706-15
https://support.apple.com/HT207482
https://support.apple.com/HT207484
https://support.apple.com/HT207485
https://www.exploit-db.com/exploits/41453/