Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2009-2197 (GCVE-0-2009-2197)
Vulnerability from cvelistv5 – Published: 2016-03-24 01:00 – Updated: 2024-08-07 05:44
VLAI?
EPSS
Summary
Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035354",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035354"
},
{
"name": "APPLE-SA-2016-03-21-6",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html"
},
{
"name": "85055",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/85055"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206171"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-23T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1035354",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035354"
},
{
"name": "APPLE-SA-2016-03-21-6",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html"
},
{
"name": "85055",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/85055"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206171"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035354",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035354"
},
{
"name": "APPLE-SA-2016-03-21-6",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html"
},
{
"name": "85055",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/85055"
},
{
"name": "https://support.apple.com/HT206171",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206171"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2197",
"datePublished": "2016-03-24T01:00:00",
"dateReserved": "2009-06-24T00:00:00",
"dateUpdated": "2024-08-07T05:44:55.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"9.0.3\", \"matchCriteriaId\": \"F39FC2FB-375B-4129-A37F-BC749F8A9648\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog.\"}, {\"lang\": \"es\", \"value\": \"Apple Safari en versiones anteriores a 9.1 permite a atacantes remotos suplantar la interfaz de usuario a trav\\u00e9s de una p\\u00e1gina web que introduce texto en un contexto manipulado, conduciendo al uso no intencionado de ese texto dentro de un di\\u00e1logo de Safari.\"}]",
"id": "CVE-2009-2197",
"lastModified": "2024-11-21T01:04:21.757",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2016-03-24T01:59:00.353",
"references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/85055\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id/1035354\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://support.apple.com/HT206171\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/85055\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1035354\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/HT206171\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-19\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2009-2197\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2016-03-24T01:59:00.353\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog.\"},{\"lang\":\"es\",\"value\":\"Apple Safari en versiones anteriores a 9.1 permite a atacantes remotos suplantar la interfaz de usuario a trav\u00e9s de una p\u00e1gina web que introduce texto en un contexto manipulado, conduciendo al uso no intencionado de ese texto dentro de un di\u00e1logo de Safari.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-19\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.0.3\",\"matchCriteriaId\":\"F39FC2FB-375B-4129-A37F-BC749F8A9648\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/85055\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1035354\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.apple.com/HT206171\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/85055\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1035354\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT206171\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2016-AVI-106
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | OS X Mavericks versions 10.9.5 et antérieures n'intégrant pas le correctif de sécurité 2016-002 | ||
| Apple | N/A | tvOS versions antérieures à 9.2 pour Apple TV (4ème génération) | ||
| Apple | N/A | OS X El Capitan 10.11.x versions antérieures à 10.11.4 | ||
| Apple | N/A | iOS versions antérieures à 9.3 pour iPhones 4s, iPod touch (5ème génération), iPad 2 et leurs modèles respectifs plus récents | ||
| Apple | N/A | watchOS versions antérieures à 2.2 | ||
| Apple | N/A | OS X Server versions antérieures à 5.1 pour OS X Yosemite versions 10.10.5 et ultérieures | ||
| Apple | N/A | Xcode versions antérieures à 7.3 pour OS X El Capitan versions 10.11 et ultérieures | ||
| Apple | N/A | OS X Yosemite versions 10.10.5 et antérieures n'intégrant pas le correctif de sécurité 2016-002 | ||
| Apple | Safari | Safari versions antérieures à 9.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OS X Mavericks versions 10.9.5 et ant\u00e9rieures n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 2016-002",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 9.2 pour Apple TV (4\u00e8me g\u00e9n\u00e9ration)",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X El Capitan 10.11.x versions ant\u00e9rieures \u00e0 10.11.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 9.3 pour iPhones 4s, iPod touch (5\u00e8me g\u00e9n\u00e9ration), iPad 2 et leurs mod\u00e8les respectifs plus r\u00e9cents",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X Server versions ant\u00e9rieures \u00e0 5.1 pour OS X Yosemite versions 10.10.5 et ult\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode versions ant\u00e9rieures \u00e0 7.3 pour OS X El Capitan versions 10.11 et ult\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X Yosemite versions 10.10.5 et ant\u00e9rieures n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 2016-002",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 9.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1753",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1753"
},
{
"name": "CVE-2016-1781",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1781"
},
{
"name": "CVE-2016-1736",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1736"
},
{
"name": "CVE-2016-1750",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1750"
},
{
"name": "CVE-2016-1779",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1779"
},
{
"name": "CVE-2016-1748",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1748"
},
{
"name": "CVE-2016-1766",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1766"
},
{
"name": "CVE-2016-1758",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1758"
},
{
"name": "CVE-2016-1735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1735"
},
{
"name": "CVE-2016-1763",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1763"
},
{
"name": "CVE-2016-1767",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1767"
},
{
"name": "CVE-2016-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1720"
},
{
"name": "CVE-2016-1771",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1771"
},
{
"name": "CVE-2016-1719",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1719"
},
{
"name": "CVE-2015-3195",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3195"
},
{
"name": "CVE-2016-1727",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1727"
},
{
"name": "CVE-2016-0777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0777"
},
{
"name": "CVE-2015-3184",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3184"
},
{
"name": "CVE-2015-1819",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1819"
},
{
"name": "CVE-2016-0801",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0801"
},
{
"name": "CVE-2016-1950",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1950"
},
{
"name": "CVE-2016-1768",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1768"
},
{
"name": "CVE-2016-0802",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0802"
},
{
"name": "CVE-2016-1744",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1744"
},
{
"name": "CVE-2016-1775",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1775"
},
{
"name": "CVE-2016-1787",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1787"
},
{
"name": "CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"name": "CVE-2016-1788",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1788"
},
{
"name": "CVE-2015-3187",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3187"
},
{
"name": "CVE-2016-1786",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1786"
},
{
"name": "CVE-2016-1717",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1717"
},
{
"name": "CVE-2015-7499",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7499"
},
{
"name": "CVE-2016-1776",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1776"
},
{
"name": "CVE-2009-2197",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2197"
},
{
"name": "CVE-2016-1785",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1785"
},
{
"name": "CVE-2015-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7500"
},
{
"name": "CVE-2016-1755",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1755"
},
{
"name": "CVE-2016-1733",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1733"
},
{
"name": "CVE-2016-1772",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1772"
},
{
"name": "CVE-2016-1723",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1723"
},
{
"name": "CVE-2015-5312",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5312"
},
{
"name": "CVE-2016-1754",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1754"
},
{
"name": "CVE-2016-1783",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1783"
},
{
"name": "CVE-2016-1756",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1756"
},
{
"name": "CVE-2016-1745",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1745"
},
{
"name": "CVE-2016-1752",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1752"
},
{
"name": "CVE-2014-9495",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9495"
},
{
"name": "CVE-2015-7995",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
},
{
"name": "CVE-2015-7942",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7942"
},
{
"name": "CVE-2015-5333",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5333"
},
{
"name": "CVE-2015-8126",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8126"
},
{
"name": "CVE-2016-1725",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1725"
},
{
"name": "CVE-2016-1761",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1761"
},
{
"name": "CVE-2015-8242",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8242"
},
{
"name": "CVE-2016-1740",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1740"
},
{
"name": "CVE-2016-1764",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1764"
},
{
"name": "CVE-2016-1757",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1757"
},
{
"name": "CVE-2016-1769",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1769"
},
{
"name": "CVE-2016-1743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1743"
},
{
"name": "CVE-2016-1746",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1746"
},
{
"name": "CVE-2016-1724",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1724"
},
{
"name": "CVE-2016-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
},
{
"name": "CVE-2015-8659",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8659"
},
{
"name": "CVE-2016-1770",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1770"
},
{
"name": "CVE-2016-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1749"
},
{
"name": "CVE-2016-1732",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1732"
},
{
"name": "CVE-2016-1773",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1773"
},
{
"name": "CVE-2016-1777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1777"
},
{
"name": "CVE-2016-1765",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1765"
},
{
"name": "CVE-2016-1741",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1741"
},
{
"name": "CVE-2016-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1737"
},
{
"name": "CVE-2016-1784",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1784"
},
{
"name": "CVE-2016-1759",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1759"
},
{
"name": "CVE-2016-1778",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1778"
},
{
"name": "CVE-2015-5334",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5334"
},
{
"name": "CVE-2016-1722",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1722"
},
{
"name": "CVE-2015-0973",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0973"
},
{
"name": "CVE-2016-1738",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1738"
},
{
"name": "CVE-2016-1747",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1747"
},
{
"name": "CVE-2015-7551",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7551"
},
{
"name": "CVE-2016-1780",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1780"
},
{
"name": "CVE-2016-1774",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1774"
},
{
"name": "CVE-2016-1721",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1721"
},
{
"name": "CVE-2015-8472",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8472"
},
{
"name": "CVE-2016-1782",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1782"
},
{
"name": "CVE-2016-1726",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1726"
},
{
"name": "CVE-2016-1751",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1751"
},
{
"name": "CVE-2016-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0778"
},
{
"name": "CVE-2016-1734",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1734"
}
],
"links": [],
"reference": "CERTFR-2016-AVI-106",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-03-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206173 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206173"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206169 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206169"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206168 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206168"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206171 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206171"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206166 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206166"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206172 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206172"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206167 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206167"
}
]
}
CERTFR-2016-AVI-106
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | OS X Mavericks versions 10.9.5 et antérieures n'intégrant pas le correctif de sécurité 2016-002 | ||
| Apple | N/A | tvOS versions antérieures à 9.2 pour Apple TV (4ème génération) | ||
| Apple | N/A | OS X El Capitan 10.11.x versions antérieures à 10.11.4 | ||
| Apple | N/A | iOS versions antérieures à 9.3 pour iPhones 4s, iPod touch (5ème génération), iPad 2 et leurs modèles respectifs plus récents | ||
| Apple | N/A | watchOS versions antérieures à 2.2 | ||
| Apple | N/A | OS X Server versions antérieures à 5.1 pour OS X Yosemite versions 10.10.5 et ultérieures | ||
| Apple | N/A | Xcode versions antérieures à 7.3 pour OS X El Capitan versions 10.11 et ultérieures | ||
| Apple | N/A | OS X Yosemite versions 10.10.5 et antérieures n'intégrant pas le correctif de sécurité 2016-002 | ||
| Apple | Safari | Safari versions antérieures à 9.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OS X Mavericks versions 10.9.5 et ant\u00e9rieures n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 2016-002",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 9.2 pour Apple TV (4\u00e8me g\u00e9n\u00e9ration)",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X El Capitan 10.11.x versions ant\u00e9rieures \u00e0 10.11.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 9.3 pour iPhones 4s, iPod touch (5\u00e8me g\u00e9n\u00e9ration), iPad 2 et leurs mod\u00e8les respectifs plus r\u00e9cents",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X Server versions ant\u00e9rieures \u00e0 5.1 pour OS X Yosemite versions 10.10.5 et ult\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode versions ant\u00e9rieures \u00e0 7.3 pour OS X El Capitan versions 10.11 et ult\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X Yosemite versions 10.10.5 et ant\u00e9rieures n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 2016-002",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 9.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1753",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1753"
},
{
"name": "CVE-2016-1781",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1781"
},
{
"name": "CVE-2016-1736",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1736"
},
{
"name": "CVE-2016-1750",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1750"
},
{
"name": "CVE-2016-1779",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1779"
},
{
"name": "CVE-2016-1748",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1748"
},
{
"name": "CVE-2016-1766",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1766"
},
{
"name": "CVE-2016-1758",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1758"
},
{
"name": "CVE-2016-1735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1735"
},
{
"name": "CVE-2016-1763",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1763"
},
{
"name": "CVE-2016-1767",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1767"
},
{
"name": "CVE-2016-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1720"
},
{
"name": "CVE-2016-1771",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1771"
},
{
"name": "CVE-2016-1719",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1719"
},
{
"name": "CVE-2015-3195",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3195"
},
{
"name": "CVE-2016-1727",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1727"
},
{
"name": "CVE-2016-0777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0777"
},
{
"name": "CVE-2015-3184",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3184"
},
{
"name": "CVE-2015-1819",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1819"
},
{
"name": "CVE-2016-0801",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0801"
},
{
"name": "CVE-2016-1950",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1950"
},
{
"name": "CVE-2016-1768",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1768"
},
{
"name": "CVE-2016-0802",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0802"
},
{
"name": "CVE-2016-1744",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1744"
},
{
"name": "CVE-2016-1775",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1775"
},
{
"name": "CVE-2016-1787",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1787"
},
{
"name": "CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"name": "CVE-2016-1788",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1788"
},
{
"name": "CVE-2015-3187",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3187"
},
{
"name": "CVE-2016-1786",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1786"
},
{
"name": "CVE-2016-1717",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1717"
},
{
"name": "CVE-2015-7499",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7499"
},
{
"name": "CVE-2016-1776",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1776"
},
{
"name": "CVE-2009-2197",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2197"
},
{
"name": "CVE-2016-1785",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1785"
},
{
"name": "CVE-2015-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7500"
},
{
"name": "CVE-2016-1755",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1755"
},
{
"name": "CVE-2016-1733",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1733"
},
{
"name": "CVE-2016-1772",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1772"
},
{
"name": "CVE-2016-1723",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1723"
},
{
"name": "CVE-2015-5312",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5312"
},
{
"name": "CVE-2016-1754",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1754"
},
{
"name": "CVE-2016-1783",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1783"
},
{
"name": "CVE-2016-1756",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1756"
},
{
"name": "CVE-2016-1745",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1745"
},
{
"name": "CVE-2016-1752",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1752"
},
{
"name": "CVE-2014-9495",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9495"
},
{
"name": "CVE-2015-7995",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
},
{
"name": "CVE-2015-7942",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7942"
},
{
"name": "CVE-2015-5333",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5333"
},
{
"name": "CVE-2015-8126",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8126"
},
{
"name": "CVE-2016-1725",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1725"
},
{
"name": "CVE-2016-1761",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1761"
},
{
"name": "CVE-2015-8242",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8242"
},
{
"name": "CVE-2016-1740",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1740"
},
{
"name": "CVE-2016-1764",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1764"
},
{
"name": "CVE-2016-1757",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1757"
},
{
"name": "CVE-2016-1769",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1769"
},
{
"name": "CVE-2016-1743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1743"
},
{
"name": "CVE-2016-1746",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1746"
},
{
"name": "CVE-2016-1724",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1724"
},
{
"name": "CVE-2016-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
},
{
"name": "CVE-2015-8659",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8659"
},
{
"name": "CVE-2016-1770",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1770"
},
{
"name": "CVE-2016-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1749"
},
{
"name": "CVE-2016-1732",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1732"
},
{
"name": "CVE-2016-1773",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1773"
},
{
"name": "CVE-2016-1777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1777"
},
{
"name": "CVE-2016-1765",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1765"
},
{
"name": "CVE-2016-1741",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1741"
},
{
"name": "CVE-2016-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1737"
},
{
"name": "CVE-2016-1784",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1784"
},
{
"name": "CVE-2016-1759",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1759"
},
{
"name": "CVE-2016-1778",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1778"
},
{
"name": "CVE-2015-5334",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5334"
},
{
"name": "CVE-2016-1722",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1722"
},
{
"name": "CVE-2015-0973",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0973"
},
{
"name": "CVE-2016-1738",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1738"
},
{
"name": "CVE-2016-1747",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1747"
},
{
"name": "CVE-2015-7551",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7551"
},
{
"name": "CVE-2016-1780",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1780"
},
{
"name": "CVE-2016-1774",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1774"
},
{
"name": "CVE-2016-1721",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1721"
},
{
"name": "CVE-2015-8472",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8472"
},
{
"name": "CVE-2016-1782",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1782"
},
{
"name": "CVE-2016-1726",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1726"
},
{
"name": "CVE-2016-1751",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1751"
},
{
"name": "CVE-2016-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0778"
},
{
"name": "CVE-2016-1734",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1734"
}
],
"links": [],
"reference": "CERTFR-2016-AVI-106",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-03-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206173 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206173"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206169 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206169"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206168 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206168"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206171 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206171"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206166 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206166"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206172 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206172"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206167 du 21 mars 2016",
"url": "https://support.apple.com/en-us/HT206167"
}
]
}
GSD-2009-2197
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2009-2197",
"description": "Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog.",
"id": "GSD-2009-2197"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2009-2197"
],
"details": "Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog.",
"id": "GSD-2009-2197",
"modified": "2023-12-13T01:19:47.200772Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035354",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035354"
},
{
"name": "APPLE-SA-2016-03-21-6",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html"
},
{
"name": "85055",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/85055"
},
{
"name": "https://support.apple.com/HT206171",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206171"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.0.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2197"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-19"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2016-03-21-6",
"refsource": "APPLE",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html"
},
{
"name": "https://support.apple.com/HT206171",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206171"
},
{
"name": "1035354",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1035354"
},
{
"name": "85055",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/85055"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
},
"lastModifiedDate": "2017-03-24T01:59Z",
"publishedDate": "2016-03-24T01:59Z"
}
}
}
CNVD-2016-01861
Vulnerability from cnvd - Published: 2016-03-25
VLAI Severity ?
Title
Apple Safari界面伪造漏洞
Description
Apple Safari是美国苹果(Apple)公司开发的一款Web浏览器,是Mac OS X和iOS操作系统附带的默认浏览器。
Apple Safari 9.1之前版本中存在安全漏洞。攻击者可借助畸形的网站利用该漏洞伪造用户界面。
Severity
中
Patch Name
Apple Safari界面伪造漏洞的补丁
Patch Description
Apple Safari是美国苹果(Apple)公司开发的一款Web浏览器,是Mac OS X和iOS操作系统附带的默认浏览器。
Apple Safari 9.1之前版本中存在安全漏洞。攻击者可借助畸形的网站利用该漏洞伪造用户界面。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: https://support.apple.com/HT206171
Reference
http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html
https://support.apple.com/en-au/HT206171
Impacted products
| Name | Apple Safari <9.1 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2009-2197"
}
},
"description": "Apple Safari\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002\r\n\r\nApple Safari 9.1\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7578\u5f62\u7684\u7f51\u7ad9\u5229\u7528\u8be5\u6f0f\u6d1e\u4f2a\u9020\u7528\u6237\u754c\u9762\u3002",
"discovererName": "Alexios Fakos of n.runs AG",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/HT206171",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-01861",
"openTime": "2016-03-25",
"patchDescription": "Apple Safari\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002\r\n\r\nApple Safari 9.1\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7578\u5f62\u7684\u7f51\u7ad9\u5229\u7528\u8be5\u6f0f\u6d1e\u4f2a\u9020\u7528\u6237\u754c\u9762\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apple Safari\u754c\u9762\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Apple Safari \u003c9.1"
},
"referenceLink": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html\r\nhttps://support.apple.com/en-au/HT206171",
"serverity": "\u4e2d",
"submitTime": "2016-03-24",
"title": "Apple Safari\u754c\u9762\u4f2a\u9020\u6f0f\u6d1e"
}
GHSA-H555-7QWC-MR94
Vulnerability from github – Published: 2022-05-02 03:32 – Updated: 2022-05-02 03:32
VLAI?
Details
Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog.
Severity ?
4.3 (Medium)
{
"affected": [],
"aliases": [
"CVE-2009-2197"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-03-24T01:59:00Z",
"severity": "MODERATE"
},
"details": "Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog.",
"id": "GHSA-h555-7qwc-mr94",
"modified": "2022-05-02T03:32:48Z",
"published": "2022-05-02T03:32:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2197"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT206171"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/85055"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1035354"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
VAR-201603-0001
Vulnerability from variot - Updated: 2023-12-18 11:10Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog. Apple Safari Contains a vulnerability that impersonates the user interface. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. Attackers can exploit these issues to obtain sensitive information, cause a denial-of-service condition or bypass security restrictions and perform unauthorized actions. Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-03-21-6 Safari 9.1
Safari 9.1 is now available and addresses the following:
libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1762
Safari Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Visiting a malicious website may lead to user interface spoofing Description: An issue existed where the text of a dialog included page-supplied text. This issue was addressed by no longer including that text. CVE-ID CVE-2009-2197 : Alexios Fakos of n.runs AG
Safari Downloads Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Visiting a maliciously crafted webpage may lead to a system denial of service Description: An insufficient input validation issue existed in the handling of certain files. This was addressed through additional checks during file expansion. CVE-ID CVE-2016-1771 : Russ Cox
Safari Top Sites Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: A website may be able to track sensitive user information Description: A cookie storage issue existed in the Top Sites page. This issue was addressed through improved state management. CVE-ID CVE-2016-1772 : WoofWagly
WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: A website may be able to track sensitive user information Description: An issue existed in the handling of attachment URLs. This issue was addressed through improved URL handling. CVE-ID CVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc.
WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1778 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1783 : Mihai Parparita of Google
WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A port redirection issue was addressed through additional port validation. CVE-ID CVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit Technologies Co.,Ltd.
WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Visiting a maliciously crafted website may reveal a user's current location Description: An issue existed in the parsing of geolocation requests. This was addressed through improved validation of the security origin for geolocation requests. CVE-ID CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab (http://www.tencent.com)
WebKit History Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A resource exhaustion issue was addressed through improved input validation. CVE-ID CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of 无声信息技术PKAV Team (PKAV.net)
WebKit Page Loading Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: A malicious website may exfiltrate data cross-origin Description: A caching issue existed with character encoding. This was addressed through additional request checking. CVE-ID CVE-2016-1785 : an anonymous researcher
WebKit Page Loading Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Visiting a malicious website may lead to user interface spoofing Description: Redirect responses may have allowed a malicious website to display an arbitrary URL and read cached contents of the destination origin. This issue was addressed through improved URL display logic. CVE-ID CVE-2016-1786 : ma.la of LINE Corporation
Installation note:
Safari 9.1 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JQMAAoJEBcWfLTuOo7tUYsP/0cwzYXXuSvBOUhCzUd3z//b ZW1j9v2rbLLJB7wRNFhXsdz25MV/5pwX67Bb+rO9X21F/hItY61nHbTSayd+ud2v HTDnPRAWtlEd2Xd9EarGttIRAhUEQyDts3e2KpOcw2XG+zZF38DKrLprvLJrTU8u r8n8KnHP5ipOhPCubihsLQdf8jbCDnwKm2Lt0w7QAYYNOtIAzMKFtfjnsDzfJMm2 pN+laUBUDEeyv3ozmnyqmF6qSG8s43Mb+a+XeNYWEfr3VrwL6+k2YhwgFzl6jq1Z 5nMU2ziMP8OtfuVh7ldmR/+5zjkJzFCc8bbumu4Ipyhv1KOKESIxb/JNy+jCuL+D uD2g2DUhqntt74SKSzYETJTZt0EKXjhQmPoeDa4Q6++Nq9Aw/OxpLZwoi+vUzEfn cn/JGPsvwpjJjfdVFsCbaYVoCLivNy1uIwuKWpqQDjToGIMQGQ07KPepM9h5PPQ9 k1PkpH8HRynOkV5gbrGYvLyMgqJIB8KPeIQaSKARtUbCmn2zS99czD5fRojShmv+ BIZI5TowBRU9Cg4uwe0uRaSz/WiSI8OV8AcKqf0+59xYv6OfLLMIMAKYGIW+ZAdu LvtU5uvVpMekW8pAPz95BlgK/6ullpLGQA6hU6TLDj78KuvdGLBKTdlKf42kV48g ZD4qUKE2vo66y07AMC93 =8yOc -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0001",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "safari",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "9.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.9,
"vendor": "apple",
"version": "9.0.3"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.1 (os x el capitan v10.11.4)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.1 (os x mavericks v10.9.5)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.1 (os x yosemite v10.10.5)"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.8"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.31"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "safari",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.34"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.8"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.52"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.31"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.28"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.33"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.8"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.30"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.10"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.5"
}
],
"sources": [
{
"db": "BID",
"id": "85055"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001849"
},
{
"db": "NVD",
"id": "CVE-2009-2197"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-314"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.0.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-2197"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WoofWagly,Russ Cox, Alexios Fakos of n.runs AG",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-314"
}
],
"trust": 0.6
},
"cve": "CVE-2009-2197",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2009-2197",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-39643",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-2197",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-314",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-39643",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39643"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001849"
},
{
"db": "NVD",
"id": "CVE-2009-2197"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-314"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog. Apple Safari Contains a vulnerability that impersonates the user interface. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. \nAttackers can exploit these issues to obtain sensitive information, cause a denial-of-service condition or bypass security restrictions and perform unauthorized actions. Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-03-21-6 Safari 9.1\n\nSafari 9.1 is now available and addresses the following:\n\nlibxml2\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1762\n\nSafari\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: An issue existed where the text of a dialog included\npage-supplied text. This issue was addressed by no longer including\nthat text. \nCVE-ID\nCVE-2009-2197 : Alexios Fakos of n.runs AG\n\nSafari Downloads\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: Visiting a maliciously crafted webpage may lead to a system\ndenial of service\nDescription: An insufficient input validation issue existed in the\nhandling of certain files. This was addressed through additional\nchecks during file expansion. \nCVE-ID\nCVE-2016-1771 : Russ Cox\n\nSafari Top Sites\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: A website may be able to track sensitive user information\nDescription: A cookie storage issue existed in the Top Sites page. \nThis issue was addressed through improved state management. \nCVE-ID\nCVE-2016-1772 : WoofWagly\n\nWebKit\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: A website may be able to track sensitive user information\nDescription: An issue existed in the handling of attachment URLs. \nThis issue was addressed through improved URL handling. \nCVE-ID\nCVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc. \n\nWebKit\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1778 : 0x1byte working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\nCVE-2016-1783 : Mihai Parparita of Google\n\nWebKit\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: A malicious website may be able to access restricted ports\non arbitrary servers\nDescription: A port redirection issue was addressed through\nadditional port validation. \nCVE-ID\nCVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit\nTechnologies Co.,Ltd. \n\nWebKit\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: Visiting a maliciously crafted website may reveal a user\u0027s\ncurrent location\nDescription: An issue existed in the parsing of geolocation\nrequests. This was addressed through improved validation of the\nsecurity origin for geolocation requests. \nCVE-ID\nCVE-2016-1779 : xisigr of Tencent\u0027s Xuanwu Lab\n(http://www.tencent.com)\n\nWebKit History\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: Processing maliciously crafted web content may lead to an\nunexpected Safari crash\nDescription: A resource exhaustion issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and \u674e\u666e\u541b of\n\u65e0\u58f0\u4fe1\u606f\u6280\u672fPKAV Team (PKAV.net)\n\nWebKit Page Loading\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: A malicious website may exfiltrate data cross-origin\nDescription: A caching issue existed with character encoding. This\nwas addressed through additional request checking. \nCVE-ID\nCVE-2016-1785 : an anonymous researcher\n\nWebKit Page Loading\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: Redirect responses may have allowed a malicious website\nto display an arbitrary URL and read cached contents of the\ndestination origin. This issue was addressed through improved URL\ndisplay logic. \nCVE-ID\nCVE-2016-1786 : ma.la of LINE Corporation\n\nInstallation note:\n\nSafari 9.1 may be obtained from the Mac App Store. \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJW8JQMAAoJEBcWfLTuOo7tUYsP/0cwzYXXuSvBOUhCzUd3z//b\nZW1j9v2rbLLJB7wRNFhXsdz25MV/5pwX67Bb+rO9X21F/hItY61nHbTSayd+ud2v\nHTDnPRAWtlEd2Xd9EarGttIRAhUEQyDts3e2KpOcw2XG+zZF38DKrLprvLJrTU8u\nr8n8KnHP5ipOhPCubihsLQdf8jbCDnwKm2Lt0w7QAYYNOtIAzMKFtfjnsDzfJMm2\npN+laUBUDEeyv3ozmnyqmF6qSG8s43Mb+a+XeNYWEfr3VrwL6+k2YhwgFzl6jq1Z\n5nMU2ziMP8OtfuVh7ldmR/+5zjkJzFCc8bbumu4Ipyhv1KOKESIxb/JNy+jCuL+D\nuD2g2DUhqntt74SKSzYETJTZt0EKXjhQmPoeDa4Q6++Nq9Aw/OxpLZwoi+vUzEfn\ncn/JGPsvwpjJjfdVFsCbaYVoCLivNy1uIwuKWpqQDjToGIMQGQ07KPepM9h5PPQ9\nk1PkpH8HRynOkV5gbrGYvLyMgqJIB8KPeIQaSKARtUbCmn2zS99czD5fRojShmv+\nBIZI5TowBRU9Cg4uwe0uRaSz/WiSI8OV8AcKqf0+59xYv6OfLLMIMAKYGIW+ZAdu\nLvtU5uvVpMekW8pAPz95BlgK/6ullpLGQA6hU6TLDj78KuvdGLBKTdlKf42kV48g\nZD4qUKE2vo66y07AMC93\n=8yOc\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-2197"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001849"
},
{
"db": "BID",
"id": "85055"
},
{
"db": "VULHUB",
"id": "VHN-39643"
},
{
"db": "PACKETSTORM",
"id": "136347"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-2197",
"trust": 2.9
},
{
"db": "BID",
"id": "85055",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1035354",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU97668313",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001849",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201603-314",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "136347",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-39643",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39643"
},
{
"db": "BID",
"id": "85055"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001849"
},
{
"db": "PACKETSTORM",
"id": "136347"
},
{
"db": "NVD",
"id": "CVE-2009-2197"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-314"
}
]
},
"id": "VAR-201603-0001",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-39643"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:10:40.586000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht201222"
},
{
"title": "APPLE-SA-2016-03-21-6 Safari 9.1",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00005.html"
},
{
"title": "HT206171",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206171"
},
{
"title": "HT206171",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206171"
},
{
"title": "Apple Safari Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60640"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001849"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-314"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-19",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39643"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001849"
},
{
"db": "NVD",
"id": "CVE-2009-2197"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/85055"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00005.html"
},
{
"trust": 1.1,
"url": "https://support.apple.com/ht206171"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1035354"
},
{
"trust": 0.9,
"url": "http://www.apple.com/safari/"
},
{
"trust": 0.9,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2197"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97668313/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2197"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1782"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1784"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1783"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1772"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1779"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1786"
},
{
"trust": 0.1,
"url": "https://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1785"
},
{
"trust": 0.1,
"url": "http://www.tencent.com)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2197"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39643"
},
{
"db": "BID",
"id": "85055"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001849"
},
{
"db": "PACKETSTORM",
"id": "136347"
},
{
"db": "NVD",
"id": "CVE-2009-2197"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-314"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-39643"
},
{
"db": "BID",
"id": "85055"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001849"
},
{
"db": "PACKETSTORM",
"id": "136347"
},
{
"db": "NVD",
"id": "CVE-2009-2197"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-314"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-24T00:00:00",
"db": "VULHUB",
"id": "VHN-39643"
},
{
"date": "2016-03-21T00:00:00",
"db": "BID",
"id": "85055"
},
{
"date": "2016-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001849"
},
{
"date": "2016-03-22T15:20:32",
"db": "PACKETSTORM",
"id": "136347"
},
{
"date": "2016-03-24T01:59:00.353000",
"db": "NVD",
"id": "CVE-2009-2197"
},
{
"date": "2016-03-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-314"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-24T00:00:00",
"db": "VULHUB",
"id": "VHN-39643"
},
{
"date": "2019-04-12T21:00:00",
"db": "BID",
"id": "85055"
},
{
"date": "2016-06-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001849"
},
{
"date": "2017-03-24T01:59:00.267000",
"db": "NVD",
"id": "CVE-2009-2197"
},
{
"date": "2019-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-314"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-314"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Safari Vulnerabilities in user interface spoofing",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001849"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-314"
}
],
"trust": 0.6
}
}
FKIE_CVE-2009-2197
Vulnerability from fkie_nvd - Published: 2016-03-24 01:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F39FC2FB-375B-4129-A37F-BC749F8A9648",
"versionEndIncluding": "9.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog."
},
{
"lang": "es",
"value": "Apple Safari en versiones anteriores a 9.1 permite a atacantes remotos suplantar la interfaz de usuario a trav\u00e9s de una p\u00e1gina web que introduce texto en un contexto manipulado, conduciendo al uso no intencionado de ese texto dentro de un di\u00e1logo de Safari."
}
],
"id": "CVE-2009-2197",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-03-24T01:59:00.353",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/85055"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1035354"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/85055"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206171"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-19"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…