ID

VAR-201901-0378


CVE

CVE-2016-4643


TITLE

407 response parsing vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2016-009302

DESCRIPTION

In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; OS X El Capitan is a dedicated operating system developed for Mac computers. CFNetwork Proxies is one of the components used to handle proxy connection response issues. An attacker could exploit this vulnerability to disclose sensitive user information.

Trust: 1.71

sources: NVD: CVE-2016-4643 // JVNDB: JVNDB-2016-009302 // VULHUB: VHN-93462

AFFECTED PRODUCTS

vendor: apple, model: mac os, scope: lt, version: 10.11.6

Trust: 1.0

vendor: apple, model: iphone os, scope: lt, version: 9.3.3

Trust: 1.0

vendor: apple, model: mac os, scope: gte, version: 10.11.0

Trust: 1.0

vendor: apple, model: tv, scope: lt, version: 9.2.2

Trust: 1.0

vendor: apple, model: tvos, scope: eq, version: 9.2.2 (Apple TV 4th generation)

Trust: 0.8

vendor: apple, model: iphone os, scope: eq, version: 9.1

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 9.0.2

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 9.0

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 9.3.1

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 9.3

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 9.2.1

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 9.0.1

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 8.4.1

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 9.3.2

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 9.2

sources: JVNDB: JVNDB-2016-009302 // CNNVD: CNNVD-201901-381 // NVD: CVE-2016-4643

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4643
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-4643
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201901-381
value: MEDIUM

Trust: 0.6

VULHUB: VHN-93462
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-4643
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-93462
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4643
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-93462 // JVNDB: JVNDB-2016-009302 // CNNVD: CNNVD-201901-381 // NVD: CVE-2016-4643

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-93462 // JVNDB: JVNDB-2016-009302 // NVD: CVE-2016-4643

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-381

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201901-381

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-009302

PATCH

title: HT206905, url: https://support.apple.com/en-us/HT206905

Trust: 0.8

title: HT206902, url: https://support.apple.com/en-us/HT206902

Trust: 0.8

title: HT206903, url: https://support.apple.com/en-us/HT206903

Trust: 0.8

title: HT206902, url: https://support.apple.com/ja-jp/HT206902

Trust: 0.8

title: HT206903, url: https://support.apple.com/ja-jp/HT206903

Trust: 0.8

title: HT206905, url: https://support.apple.com/ja-jp/HT206905

Trust: 0.8

title: Apple iOS, tvOS and OS X El Capitan CFNetwork Proxies Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88545

Trust: 0.6

sources: JVNDB: JVNDB-2016-009302 // CNNVD: CNNVD-201901-381

EXTERNAL IDS

db: NVD, id: CVE-2016-4643

Trust: 2.5

db: JVN, id: JVNVU94844193

Trust: 0.8

db: JVNDB, id: JVNDB-2016-009302

Trust: 0.8

db: CNNVD, id: CNNVD-201901-381

Trust: 0.7

db: VULHUB, id: VHN-93462

Trust: 0.1

sources: VULHUB: VHN-93462 // JVNDB: JVNDB-2016-009302 // CNNVD: CNNVD-201901-381 // NVD: CVE-2016-4643

REFERENCES

url: https://support.apple.com/ht206905

Trust: 1.7

url: https://support.apple.com/ht206902

Trust: 1.7

url: https://support.apple.com/ht206903

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4643

Trust: 0.8

url: https://jvn.jp/vu/jvnvu94844193/index.html

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2016-4643

Trust: 0.8

sources: VULHUB: VHN-93462 // JVNDB: JVNDB-2016-009302 // CNNVD: CNNVD-201901-381 // NVD: CVE-2016-4643

SOURCES

db: VULHUB, id: VHN-93462
db: JVNDB, id: JVNDB-2016-009302
db: CNNVD, id: CNNVD-201901-381
db: NVD, id: CVE-2016-4643

LAST UPDATE DATE

2024-11-23T21:00:47.514000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-93462, date: 2019-01-17T00:00:00
db: JVNDB, id: JVNDB-2016-009302, date: 2019-02-26T00:00:00
db: CNNVD, id: CNNVD-201901-381, date: 2019-01-14T00:00:00
db: NVD, id: CVE-2016-4643, date: 2024-11-21T02:52:41.010

SOURCES RELEASE DATE

db: VULHUB, id: VHN-93462, date: 2019-01-11T00:00:00
db: JVNDB, id: JVNDB-2016-009302, date: 2019-02-26T00:00:00
db: CNNVD, id: CNNVD-201901-381, date: 2019-01-14T00:00:00
db: NVD, id: CVE-2016-4643, date: 2019-01-11T18:29:00.360