ID

VAR-201804-0449


CVE

CVE-2017-2492


TITLE

Universal cross-site scripting vulnerability in the JavaScriptCore component of multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2017-013136

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "JavaScriptCore" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that triggers prototype mishandling. Apple Safari is a web browser that comes with the Mac OS X and iOS operating systems; iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system. JavaScriptCore is one of the JavaScript core components. A security vulnerability exists in the JavaScriptCore component in Apple iOS versions prior to 10.3, Safari versions prior to 10.1, and tvOS versions prior to 10.2.

Trust: 1.8

sources: NVD: CVE-2017-2492 // JVNDB: JVNDB-2017-013136 // VULHUB: VHN-110695 // VULMON: CVE-2017-2492

AFFECTED PRODUCTS

vendor: apple | model: tvos | scope: lt | version: 10.2

Trust: 1.0

vendor: apple | model: iphone os | scope: lt | version: 10.3

Trust: 1.0

vendor: apple | model: safari | scope: lt | version: 10.1

Trust: 1.0

vendor: apple | model: ios | scope: lt | version: 10.3 (ipad 4th generation and later)

Trust: 0.8

vendor: apple | model: ios | scope: lt | version: 10.3 (iphone 5 or later)

Trust: 0.8

vendor: apple | model: ios | scope: lt | version: 10.3 (ipod touch 6th generation and later)

Trust: 0.8

vendor: apple | model: safari | scope: lt | version: 10.1 (macos sierra 10.12.4)

Trust: 0.8

vendor: apple | model: safari | scope: lt | version: 10.1 (os x el capitan 10.11.6)

Trust: 0.8

vendor: apple | model: safari | scope: lt | version: 10.1 (os x yosemite 10.10.5)

Trust: 0.8

vendor: apple | model: tvos | scope: lt | version: 10.2 (apple tv 4th generation)

Trust: 0.8

vendor: apple | model: iphone os | scope: eq | version: 3.1.2

Trust: 0.6

vendor: apple | model: tv | scope: eq | version: 4.4.4

Trust: 0.6

vendor: apple | model: iphone os | scope: eq | version: 3.1

Trust: 0.6

vendor: apple | model: iphone os | scope: eq | version: 3.0.1

sources: JVNDB: JVNDB-2017-013136 // CNNVD: CNNVD-201804-211 // NVD: CVE-2017-2492

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2492
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-2492
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201804-211
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110695
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-2492
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2492
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-110695
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2492
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-110695 // VULMON: CVE-2017-2492 // JVNDB: JVNDB-2017-013136 // CNNVD: CNNVD-201804-211 // NVD: CVE-2017-2492

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-110695 // JVNDB: JVNDB-2017-013136 // NVD: CVE-2017-2492

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-211

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201804-211

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013136

PATCH

title: HT207600 | url: https://support.apple.com/en-us/HT207600

Trust: 0.8

title: HT207601 | url: https://support.apple.com/en-us/HT207601

Trust: 0.8

title: HT207617 | url: https://support.apple.com/en-us/HT207617

Trust: 0.8

title: HT207600 | url: https://support.apple.com/ja-jp/HT207600

Trust: 0.8

title: HT207601 | url: https://support.apple.com/ja-jp/HT207601

Trust: 0.8

title: HT207617 | url: https://support.apple.com/ja-jp/HT207617

Trust: 0.8

title: Apple iOS, Safari and tvOS JavaScriptCore Security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83063

Trust: 0.6

title: Apple: tvOS 10.2 | url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=96152d4695ab80cff7cf110b4458ab10

Trust: 0.1

title: Apple: Safari 10.1 | url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=5c4ba20f7a3a0bac6dc3db074ec0daa4

Trust: 0.1

title: Apple: iOS 10.3 | url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e3eec66a6152b7f2dac0fe21bb8ee9cd

Trust: 0.1

sources: VULMON: CVE-2017-2492 // JVNDB: JVNDB-2017-013136 // CNNVD: CNNVD-201804-211

EXTERNAL IDS

db: NVD | id: CVE-2017-2492

Trust: 2.6

db: JVNDB | id: JVNDB-2017-013136

Trust: 0.8

db: CNNVD | id: CNNVD-201804-211

Trust: 0.6

db: VULHUB | id: VHN-110695

Trust: 0.1

db: VULMON | id: CVE-2017-2492

Trust: 0.1

sources: VULHUB: VHN-110695 // VULMON: CVE-2017-2492 // JVNDB: JVNDB-2017-013136 // CNNVD: CNNVD-201804-211 // NVD: CVE-2017-2492

REFERENCES

url:https://support.apple.com/ht207600

Trust: 1.8

url:https://support.apple.com/ht207601

Trust: 1.8

url:https://support.apple.com/ht207617

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2492

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-2492

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://support.apple.com/kb/ht207601

Trust: 0.1

sources: VULHUB: VHN-110695 // VULMON: CVE-2017-2492 // JVNDB: JVNDB-2017-013136 // CNNVD: CNNVD-201804-211 // NVD: CVE-2017-2492

SOURCES

db: VULHUB | id: VHN-110695
db: VULMON | id: CVE-2017-2492
db: JVNDB | id: JVNDB-2017-013136
db: CNNVD | id: CNNVD-201804-211
db: NVD | id: CVE-2017-2492

LAST UPDATE DATE

2024-11-23T22:12:37.450000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-110695 | date: 2019-03-08T00:00:00
db: VULMON | id: CVE-2017-2492 | date: 2019-03-08T00:00:00
db: JVNDB | id: JVNDB-2017-013136 | date: 2018-06-01T00:00:00
db: CNNVD | id: CNNVD-201804-211 | date: 2019-03-13T00:00:00
db: NVD | id: CVE-2017-2492 | date: 2024-11-21T03:23:38.170

SOURCES RELEASE DATE

db: VULHUB | id: VHN-110695 | date: 2018-04-03T00:00:00
db: VULMON | id: CVE-2017-2492 | date: 2018-04-03T00:00:00
db: JVNDB | id: JVNDB-2017-013136 | date: 2018-06-01T00:00:00
db: CNNVD | id: CNNVD-201804-211 | date: 2018-04-04T00:00:00
db: NVD | id: CVE-2017-2492 | date: 2018-04-03T06:29:01.280