ID

VAR-201702-0190


CVE

CVE-2016-7762


TITLE

Apple iOS Used in etc. Webkit Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2016-007383

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebKit" component, which allows XSS attacks against Safari. Webkit Contains a cross-site scripting vulnerability.Safari May be subjected to a cross-site scripting attack. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome

Trust: 1.98

sources: NVD: CVE-2016-7762 // JVNDB: JVNDB-2016-007383 // BID: 96337 // VULHUB: VHN-96582

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:lteversion:10.1.1

Trust: 1.0

vendor:applemodel:iosscope:ltversion:10.2 (ipad first 4 after generation )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:10.2 (iphone 5 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:10.2 (ipod touch first 6 after generation )

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:10.1.1

Trust: 0.6

vendor:webkitmodel:open source project webkitscope:eqversion:0

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:50

Trust: 0.3

vendor:applemodel:iosscope:eqversion:40

Trust: 0.3

vendor:applemodel:iosscope:eqversion:30

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:ios betascope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10

Trust: 0.3

vendor:applemodel:iosscope:neversion:10.2

Trust: 0.3

sources: BID: 96337 // JVNDB: JVNDB-2016-007383 // CNNVD: CNNVD-201702-710 // NVD: CVE-2016-7762

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-7762
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-7762
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201702-710
value: MEDIUM

Trust: 0.6

VULHUB: VHN-96582
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-7762
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-96582
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-7762
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-96582 // JVNDB: JVNDB-2016-007383 // CNNVD: CNNVD-201702-710 // NVD: CVE-2016-7762

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-96582 // JVNDB: JVNDB-2016-007383 // NVD: CVE-2016-7762

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-710

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201702-710

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007383

PATCH

title:Apple security updatesurl:https://support.apple.com/en-us/HT201222

Trust: 0.8

title:APPLE-SA-2016-12-12-1 iOS 10.2url:https://lists.apple.com/archives/security-announce/2016/Dec/msg00000.html

Trust: 0.8

title:HT207422url:https://support.apple.com/en-us/HT207422

Trust: 0.8

title:HT207422url:https://support.apple.com/ja-jp/HT207422

Trust: 0.8

title:Apple iOS WebKit Fixes for component cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68143

Trust: 0.6

sources: JVNDB: JVNDB-2016-007383 // CNNVD: CNNVD-201702-710

EXTERNAL IDS

db:NVDid:CVE-2016-7762

Trust: 2.8

db:JVNid:JVNVU93979172

Trust: 0.8

db:JVNDBid:JVNDB-2016-007383

Trust: 0.8

db:CNNVDid:CNNVD-201702-710

Trust: 0.7

db:BIDid:96337

Trust: 0.4

db:VULHUBid:VHN-96582

Trust: 0.1

sources: VULHUB: VHN-96582 // BID: 96337 // JVNDB: JVNDB-2016-007383 // CNNVD: CNNVD-201702-710 // NVD: CVE-2016-7762

REFERENCES

url:https://support.apple.com/ht207422

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7762

Trust: 0.8

url:http://jvn.jp/vu/jvnvu93979172/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7762

Trust: 0.8

url:https://www.apple.com/

Trust: 0.3

url:http://www.apple.com/ios/

Trust: 0.3

url:https://support.apple.com/en-us/ht207422

Trust: 0.3

sources: VULHUB: VHN-96582 // BID: 96337 // JVNDB: JVNDB-2016-007383 // CNNVD: CNNVD-201702-710 // NVD: CVE-2016-7762

CREDITS

YongShao (Zhiyong Feng from JDSEC 1aq.com?)

Trust: 0.3

sources: BID: 96337

SOURCES

db:VULHUBid:VHN-96582
db:BIDid:96337
db:JVNDBid:JVNDB-2016-007383
db:CNNVDid:CNNVD-201702-710
db:NVDid:CVE-2016-7762

LAST UPDATE DATE

2024-11-23T20:16:53.193000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-96582date:2017-02-22T00:00:00
db:BIDid:96337date:2017-03-07T02:05:00
db:JVNDBid:JVNDB-2016-007383date:2017-02-28T00:00:00
db:CNNVDid:CNNVD-201702-710date:2017-02-22T00:00:00
db:NVDid:CVE-2016-7762date:2024-11-21T02:58:26.053

SOURCES RELEASE DATE

db:VULHUBid:VHN-96582date:2017-02-20T00:00:00
db:BIDid:96337date:2017-02-12T00:00:00
db:JVNDBid:JVNDB-2016-007383date:2017-02-28T00:00:00
db:CNNVDid:CNNVD-201702-710date:2017-02-22T00:00:00
db:NVDid:CVE-2016-7762date:2017-02-20T08:59:04.587