Details of VAR-201901-0379

ID

VAR-201901-0379

CVE

CVE-2016-4644

TITLE

plural Apple Downgraded vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2016-009304

DESCRIPTION

In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials. Apple iOS, tvOS, and OS X El Capitan are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; OS X El Capitan is a dedicated operating system developed for Mac computers. CFNetwork Proxies is one of the components used to handle proxy connection response issues. An attacker could exploit this vulnerability to disclose sensitive user information

Trust: 1.71

sources: NVD: CVE-2016-4644 // JVNDB: JVNDB-2016-009304 // VULHUB: VHN-93463

AFFECTED PRODUCTS

vendor:	apple	model:	mac os	scope:	lt	version:	10.11.6	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	9.3.3	Trust: 1.0
vendor:	apple	model:	mac os	scope:	gte	version:	10.11.0	Trust: 1.0
vendor:	apple	model:	tv	scope:	lt	version:	9.2.2	Trust: 1.0
vendor:	apple	model:	tvos	scope:	eq	version:	9.2.2 (apple tv first 4 generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	9.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	9.0.2	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	9.0	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	9.3.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	9.3	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	9.2.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	9.0.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	8.4.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	9.3.2	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	9.2	Trust: 0.6

sources: JVNDB: JVNDB-2016-009304 // CNNVD: CNNVD-201901-382 // NVD: CVE-2016-4644

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-4644
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-4644
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201901-382
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-93463
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-4644
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-93463
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-4644
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-93463 // JVNDB: JVNDB-2016-009304 // CNNVD: CNNVD-201901-382 // NVD: CVE-2016-4644

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-93463 // JVNDB: JVNDB-2016-009304 // NVD: CVE-2016-4644

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-382

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201901-382

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-009304

PATCH

title:	HT206905	url:	https://support.apple.com/en-us/HT206905	Trust: 0.8
title:	HT206902	url:	https://support.apple.com/en-us/HT206902	Trust: 0.8
title:	HT206903	url:	https://support.apple.com/en-us/HT206903	Trust: 0.8
title:	HT206902	url:	https://support.apple.com/ja-jp/HT206902	Trust: 0.8
title:	HT206903	url:	https://support.apple.com/ja-jp/HT206903	Trust: 0.8
title:	HT206905	url:	https://support.apple.com/ja-jp/HT206905	Trust: 0.8
title:	Apple iOS , tvOS and OS X El Capitan CFNetwork Credentials Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88546	Trust: 0.6

sources: JVNDB: JVNDB-2016-009304 // CNNVD: CNNVD-201901-382

EXTERNAL IDS

db:	NVD	id:	CVE-2016-4644	Trust: 2.5
db:	JVN	id:	JVNVU94844193	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-009304	Trust: 0.8
db:	CNNVD	id:	CNNVD-201901-382	Trust: 0.7
db:	VULHUB	id:	VHN-93463	Trust: 0.1

sources: VULHUB: VHN-93463 // JVNDB: JVNDB-2016-009304 // CNNVD: CNNVD-201901-382 // NVD: CVE-2016-4644

REFERENCES

url:	https://support.apple.com/ht206905	Trust: 1.7
url:	https://support.apple.com/ht206902	Trust: 1.7
url:	https://support.apple.com/ht206903	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4644	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu94844193/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4644	Trust: 0.8

sources: VULHUB: VHN-93463 // JVNDB: JVNDB-2016-009304 // CNNVD: CNNVD-201901-382 // NVD: CVE-2016-4644

SOURCES

db:	VULHUB	id:	VHN-93463
db:	JVNDB	id:	JVNDB-2016-009304
db:	CNNVD	id:	CNNVD-201901-382
db:	NVD	id:	CVE-2016-4644

LAST UPDATE DATE

2024-11-23T20:26:35.803000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-93463	date:	2019-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2016-009304	date:	2019-02-26T00:00:00
db:	CNNVD	id:	CNNVD-201901-382	date:	2019-01-14T00:00:00
db:	NVD	id:	CVE-2016-4644	date:	2024-11-21T02:52:41.123

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-93463	date:	2019-01-11T00:00:00
db:	JVNDB	id:	JVNDB-2016-009304	date:	2019-02-26T00:00:00
db:	CNNVD	id:	CNNVD-201901-382	date:	2019-01-14T00:00:00
db:	NVD	id:	CVE-2016-4644	date:	2019-01-11T18:29:00.453