Sign-up

ID

VAR-201711-0449


CVE

CVE-2017-13797


TITLE

plural Apple Used in products WebKit Vulnerability in arbitrary code execution in components

Trust: 0.8

sources: JVNDB: JVNDB-2017-010341

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Apple iOS, iCloud for Windows, iTunes for Windows, Safari, and tvOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that comes with the Mac OS X and iOS operating systems by default. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome

Trust: 1.8

sources: NVD: CVE-2017-13797 // JVNDB: JVNDB-2017-010341 // VULHUB: VHN-104455 // VULMON: CVE-2017-13797

AFFECTED PRODUCTS

vendor:applemodel:safariscope:ltversion:11.0.1

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:11.1

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:11.1

Trust: 1.0

vendor:applemodel:itunesscope:ltversion:12.7.1

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:7.1

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:7.1 (windows 7 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.1 (ipad air or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.1 (iphone 5s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11.1 (ipod touch first 6 generation )

Trust: 0.8

vendor:applemodel:itunesscope:ltversion:for windows 12.7.1 (windows 7 or later )

Trust: 0.8

vendor:applemodel:safariscope:ltversion:11.0.1 (macos high sierra 10.13)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:11.0.1 (macos sierra 10.12.6)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:11.0.1 (os x el capitan 10.11.6)

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:11.1 (apple tv 4k)

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:11.1 (apple tv first 4 generation )

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:8.0

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:8.0.1

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:7.1.1

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:7.0.4

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:7.0.6

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:7.0.5

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:7.1.2

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:7.1

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:7.0.3

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:8.1

Trust: 0.6

sources: JVNDB: JVNDB-2017-010341 // CNNVD: CNNVD-201709-177 // NVD: CVE-2017-13797

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-13797
value: HIGH

Trust: 1.0

NVD: CVE-2017-13797
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201709-177
value: HIGH

Trust: 0.6

VULHUB: VHN-104455
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-13797
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-13797
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-104455
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-13797
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-104455 // VULMON: CVE-2017-13797 // JVNDB: JVNDB-2017-010341 // CNNVD: CNNVD-201709-177 // NVD: CVE-2017-13797

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-104455 // JVNDB: JVNDB-2017-010341 // NVD: CVE-2017-13797

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-177

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201709-177

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010341

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-104455 // 
            
            
            
            VULMON: CVE-2017-13797

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:HT208223url:https://support.apple.com/en-us/HT208223
Trust: 0.8
title:HT208224url:https://support.apple.com/en-us/HT208224
Trust: 0.8
title:HT208225url:https://support.apple.com/en-us/HT208225
Trust: 0.8
title:HT208219url:https://support.apple.com/en-us/HT208219
Trust: 0.8
title:HT208222url:https://support.apple.com/en-us/HT208222
Trust: 0.8
title:HT208219url:https://support.apple.com/ja-jp/HT208219
Trust: 0.8
title:HT208222url:https://support.apple.com/ja-jp/HT208222
Trust: 0.8
title:HT208223url:https://support.apple.com/ja-jp/HT208223
Trust: 0.8
title:HT208224url:https://support.apple.com/ja-jp/HT208224
Trust: 0.8
title:HT208225url:https://support.apple.com/ja-jp/HT208225
Trust: 0.8
title:Multiple Apple product WebKit Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90672
Trust: 0.6
title:domatourl:https://github.com/googleprojectzero/domato 
Trust: 0.1
title: - url:https://github.com/marckwei/temp 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-13797 // 
            
            
            
            JVNDB: JVNDB-2017-010341 // 
            
            
            
            CNNVD: CNNVD-201709-177

EXTERNAL IDS
db:NVDid:CVE-2017-13797
Trust: 2.6
db:EXPLOIT-DBid:43168
Trust: 1.8
db:JVNid:JVNVU99000953
Trust: 0.8
db:JVNDBid:JVNDB-2017-010341
Trust: 0.8
db:CNNVDid:CNNVD-201709-177
Trust: 0.7
db:SEEBUGid:SSVID-96885
Trust: 0.1
db:PACKETSTORMid:145086
Trust: 0.1
db:VULHUBid:VHN-104455
Trust: 0.1
db:VULMONid:CVE-2017-13797
Trust: 0.1
sources:
            
            
            VULHUB: VHN-104455 // 
            
            
            
            VULMON: CVE-2017-13797 // 
            
            
            
            JVNDB: JVNDB-2017-010341 // 
            
            
            
            CNNVD: CNNVD-201709-177 // 
            
            
            
            NVD: CVE-2017-13797

REFERENCES
url:https://www.exploit-db.com/exploits/43168/
Trust: 1.9
url:https://support.apple.com/ht208219
Trust: 1.8
url:https://support.apple.com/ht208222
Trust: 1.8
url:https://support.apple.com/ht208223
Trust: 1.8
url:https://support.apple.com/ht208224
Trust: 1.8
url:https://support.apple.com/ht208225
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13797
Trust: 0.8
url:http://jvn.jp/vu/jvnvu99000953/index.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-13797
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/googleprojectzero/domato
Trust: 0.1
sources:
            
            
            VULHUB: VHN-104455 // 
            
            
            
            VULMON: CVE-2017-13797 // 
            
            
            
            JVNDB: JVNDB-2017-010341 // 
            
            
            
            CNNVD: CNNVD-201709-177 // 
            
            
            
            NVD: CVE-2017-13797

SOURCES
db:VULHUBid:VHN-104455
db:VULMONid:CVE-2017-13797
db:JVNDBid:JVNDB-2017-010341
db:CNNVDid:CNNVD-201709-177
db:NVDid:CVE-2017-13797

LAST UPDATE DATE
2024-11-23T19:45:30.597000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-104455date:2019-03-08T00:00:00
db:VULMONid:CVE-2017-13797date:2019-03-08T00:00:00
db:JVNDBid:JVNDB-2017-010341date:2017-12-12T00:00:00
db:CNNVDid:CNNVD-201709-177date:2019-03-13T00:00:00
db:NVDid:CVE-2017-13797date:2024-11-21T03:11:41.293

SOURCES RELEASE DATE
db:VULHUBid:VHN-104455date:2017-11-13T00:00:00
db:VULMONid:CVE-2017-13797date:2017-11-13T00:00:00
db:JVNDBid:JVNDB-2017-010341date:2017-12-12T00:00:00
db:CNNVDid:CNNVD-201709-177date:2017-08-30T00:00:00
db:NVDid:CVE-2017-13797date:2017-11-13T03:29:00.787