CVE-2017-2511 (GCVE-0-2017-2511)
Vulnerability from cvelistv5 – Published: 2017-05-22 04:54 – Updated: 2024-08-05 13:55
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:55:05.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038487",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038487"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT207804"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the \"Safari\" component. It allows remote attackers to spoof the address bar via a crafted web site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "1038487",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038487"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT207804"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the \"Safari\" component. It allows remote attackers to spoof the address bar via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038487",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038487"
},
{
"name": "https://support.apple.com/HT207804",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207804"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2017-2511",
"datePublished": "2017-05-22T04:54:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:55:05.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.1\", \"matchCriteriaId\": \"5AD72565-70D0-4922-83CB-BC3DEF5C9FA1\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the \\\"Safari\\\" component. It allows remote attackers to spoof the address bar via a crafted web site.\"}, {\"lang\": \"es\", \"value\": \"Se descubri\\u00f3 un problema en ciertos productos de Apple. Safari anterior a versi\\u00f3n 10.1.1 est\\u00e1 afectado. El problema involucra al componente \\\"Safari\\\". Permite a los atacantes remotos falsificar la barra de direcciones por medio de un sitio web dise\\u00f1ado.\"}]",
"id": "CVE-2017-2511",
"lastModified": "2024-11-21T03:23:40.440",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2017-05-22T05:29:00.957",
"references": "[{\"url\": \"http://www.securitytracker.com/id/1038487\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://support.apple.com/HT207804\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1038487\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/HT207804\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-2511\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2017-05-22T05:29:00.957\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the \\\"Safari\\\" component. It allows remote attackers to spoof the address bar via a crafted web site.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 un problema en ciertos productos de Apple. Safari anterior a versi\u00f3n 10.1.1 est\u00e1 afectado. El problema involucra al componente \\\"Safari\\\". Permite a los atacantes remotos falsificar la barra de direcciones por medio de un sitio web dise\u00f1ado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",
\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.1\",\"matchCriteriaId\":\"5AD72565-70D0-4922-83CB-BC3DEF5C9FA1\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1038487\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/HT207804\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1038487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT207804\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
GHSA-R634-MHR5-4J6M
Vulnerability from github – Published: 2022-05-17 02:34 – Updated: 2022-05-17 02:34

An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site.
{
"affected": [],
"aliases": [
"CVE-2017-2511"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-22T05:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the \"Safari\" component. It allows remote attackers to spoof the address bar via a crafted web site.",
"id": "GHSA-r634-mhr5-4j6m",
"modified": "2022-05-17T02:34:54Z",
"published": "2022-05-17T02:34:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2511"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT207804"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038487"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
CERTFR-2017-AVI-155
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| Apple | N/A | iCloud pour Windows versions antérieures à 6.2.1 |
| Apple | N/A | tvOS versions antérieures à 10.2.1 |
| Apple | N/A | watchOS versions antérieures à 3.2.2 |
| Apple | N/A | El Capitan sans le correctif de sécurité 2017-002 |
| Apple | N/A | iOS versions antérieures à 10.3.2 |
| Apple | N/A | Yosemite sans le correctif de sécurité 2017-002 |
| Apple | Safari | Safari versions antérieures à 10.1.1 |
| Apple | N/A | iTunes versions antérieures à 12.6.1 sur Windows |
| Apple | macOS | macOS Sierra versions antérieures à 10.12.5 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 6.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 10.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 3.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "El Capitan sans le correctif de s\u00e9curit\u00e9 2017-002",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 10.3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Yosemite sans le correctif de s\u00e9curit\u00e9 2017-002",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 10.1.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iTunes versions ant\u00e9rieures \u00e0 12.6.1 sur Windows",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sierra versions ant\u00e9rieures \u00e0 10.12.5",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-2541",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2541"
},
{
"name": "CVE-2017-2494",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2494"
},
{
"name": "CVE-2017-2545",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2545"
},
{
"name": "CVE-2017-2540",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2540"
},
{
"name": "CVE-2017-6989",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6989"
},
{
"name": "CVE-2017-6983",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6983"
},
{
"name": "CVE-2017-2520",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2520"
},
{
"name": "CVE-2017-2518",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2518"
},
{
"name": "CVE-2017-2514",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2514"
},
{
"name": "CVE-2017-2528",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2528"
},
{
"name": "CVE-2017-2508",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2508"
},
{
"name": "CVE-2017-2524",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2524"
},
{
"name": "CVE-2017-2496",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2496"
},
{
"name": "CVE-2017-2535",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2535"
},
{
"name": "CVE-2017-6979",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6979"
},
{
"name": "CVE-2017-2548",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2548"
},
{
"name": "CVE-2017-2527",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2527"
},
{
"name": "CVE-2017-2544",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2544"
},
{
"name": "CVE-2017-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2511"
},
{
"name": "CVE-2017-2519",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2519"
},
{
"name": "CVE-2017-6988",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6988"
},
{
"name": "CVE-2017-2516",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2516"
},
{
"name": "CVE-2017-2507",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2507"
},
{
"name": "CVE-2017-2499",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2499"
},
{
"name": "CVE-2017-2510",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2510"
},
{
"name": "CVE-2017-6990",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6990"
},
{
"name": "CVE-2017-2531",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2531"
},
{
"name": "CVE-2017-2534",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2534"
},
{
"name": "CVE-2017-2525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2525"
},
{
"name": "CVE-2017-6986",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6986"
},
{
"name": "CVE-2017-2547",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2547"
},
{
"name": "CVE-2017-2538",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2538"
},
{
"name": "CVE-2017-6978",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6978"
},
{
"name": "CVE-2017-2530",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2530"
},
{
"name": "CVE-2017-6991",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6991"
},
{
"name": "CVE-2017-6985",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6985"
},
{
"name": "CVE-2017-2526",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2526"
},
{
"name": "CVE-2017-6984",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6984"
},
{
"name": "CVE-2017-2533",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2533"
},
{
"name": "CVE-2017-2543",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2543"
},
{
"name": "CVE-2017-2504",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2504"
},
{
"name": "CVE-2017-6980",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6980"
},
{
"name": "CVE-2017-2515",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2515"
},
{
"name": "CVE-2017-2542",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2542"
},
{
"name": "CVE-2017-2495",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2495"
},
{
"name": "CVE-2017-2549",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2549"
},
{
"name": "CVE-2017-2503",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2503"
},
{
"name": "CVE-2017-2502",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2502"
},
{
"name": "CVE-2017-6982",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6982"
},
{
"name": "CVE-2017-2506",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2506"
},
{
"name": "CVE-2017-2536",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2536"
},
{
"name": "CVE-2017-6977",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6977"
},
{
"name": "CVE-2017-2500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2500"
},
{
"name": "CVE-2017-6981",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6981"
},
{
"name": "CVE-2017-6987",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6987"
},
{
"name": "CVE-2017-2546",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2546"
},
{
"name": "CVE-2017-2512",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2512"
},
{
"name": "CVE-2017-2501",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2501"
},
{
"name": "CVE-2017-2513",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2513"
},
{
"name": "CVE-2017-2539",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2539"
},
{
"name": "CVE-2017-2509",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2509"
},
{
"name": "CVE-2017-2521",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2521"
},
{
"name": "CVE-2017-2505",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2505"
},
{
"name": "CVE-2017-2498",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2498"
},
{
"name": "CVE-2017-2497",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2497"
}
],
"links": [],
"reference": "CERTFR-2017-AVI-155",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-05-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207801 du 15 mai 2017",
"url": "https://support.apple.com/en-us/HT207801"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207800 du 15 mai 2017",
"url": "https://support.apple.com/en-us/HT207800"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207805 du 15 mai 2017",
"url": "https://support.apple.com/en-us/HT207805"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207798 du 15 mai 2017",
"url": "https://support.apple.com/en-us/HT207798"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207804 du 15 mai 2017",
"url": "https://support.apple.com/en-us/HT207804"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207797 du 15 mai 2017",
"url": "https://support.apple.com/en-us/HT207797"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207803 du 15 mai 2017",
"url": "https://support.apple.com/en-us/HT207803"
}
]
}
CERTFR-2017-AVI-155
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| Apple | N/A | iCloud pour Windows versions antérieures à 6.2.1 |
| Apple | N/A | tvOS versions antérieures à 10.2.1 |
| Apple | N/A | watchOS versions antérieures à 3.2.2 |
| Apple | N/A | El Capitan sans le correctif de sécurité 2017-002 |
| Apple | N/A | iOS versions antérieures à 10.3.2 |
| Apple | N/A | Yosemite sans le correctif de sécurité 2017-002 |
| Apple | Safari | Safari versions antérieures à 10.1.1 |
| Apple | N/A | iTunes versions antérieures à 12.6.1 sur Windows |
| Apple | macOS | macOS Sierra versions antérieures à 10.12.5 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 6.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 10.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 3.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "El Capitan sans le correctif de s\u00e9curit\u00e9 2017-002",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 10.3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Yosemite sans le correctif de s\u00e9curit\u00e9 2017-002",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 10.1.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iTunes versions ant\u00e9rieures \u00e0 12.6.1 sur Windows",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sierra versions ant\u00e9rieures \u00e0 10.12.5",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-2541",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2541"
},
{
"name": "CVE-2017-2494",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2494"
},
{
"name": "CVE-2017-2545",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2545"
},
{
"name": "CVE-2017-2540",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2540"
},
{
"name": "CVE-2017-6989",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6989"
},
{
"name": "CVE-2017-6983",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6983"
},
{
"name": "CVE-2017-2520",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2520"
},
{
"name": "CVE-2017-2518",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2518"
},
{
"name": "CVE-2017-2514",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2514"
},
{
"name": "CVE-2017-2528",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2528"
},
{
"name": "CVE-2017-2508",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2508"
},
{
"name": "CVE-2017-2524",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2524"
},
{
"name": "CVE-2017-2496",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2496"
},
{
"name": "CVE-2017-2535",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2535"
},
{
"name": "CVE-2017-6979",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6979"
},
{
"name": "CVE-2017-2548",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2548"
},
{
"name": "CVE-2017-2527",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2527"
},
{
"name": "CVE-2017-2544",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2544"
},
{
"name": "CVE-2017-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2511"
},
{
"name": "CVE-2017-2519",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2519"
},
{
"name": "CVE-2017-6988",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6988"
},
{
"name": "CVE-2017-2516",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2516"
},
{
"name": "CVE-2017-2507",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2507"
},
{
"name": "CVE-2017-2499",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2499"
},
{
"name": "CVE-2017-2510",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2510"
},
{
"name": "CVE-2017-6990",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6990"
},
{
"name": "CVE-2017-2531",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2531"
},
{
"name": "CVE-2017-2534",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2534"
},
{
"name": "CVE-2017-2525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2525"
},
{
"name": "CVE-2017-6986",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6986"
},
{
"name": "CVE-2017-2547",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2547"
},
{
"name": "CVE-2017-2538",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2538"
},
{
"name": "CVE-2017-6978",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6978"
},
{
"name": "CVE-2017-2530",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2530"
},
{
"name": "CVE-2017-6991",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6991"
},
{
"name": "CVE-2017-6985",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6985"
},
{
"name": "CVE-2017-2526",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2526"
},
{
"name": "CVE-2017-6984",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6984"
},
{
"name": "CVE-2017-2533",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2533"
},
{
"name": "CVE-2017-2543",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2543"
},
{
"name": "CVE-2017-2504",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2504"
},
{
"name": "CVE-2017-6980",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6980"
},
{
"name": "CVE-2017-2515",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2515"
},
{
"name": "CVE-2017-2542",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2542"
},
{
"name": "CVE-2017-2495",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2495"
},
{
"name": "CVE-2017-2549",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2549"
},
{
"name": "CVE-2017-2503",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2503"
},
{
"name": "CVE-2017-2502",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2502"
},
{
"name": "CVE-2017-6982",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6982"
},
{
"name": "CVE-2017-2506",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2506"
},
{
"name": "CVE-2017-2536",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2536"
},
{
"name": "CVE-2017-6977",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6977"
},
{
"name": "CVE-2017-2500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2500"
},
{
"name": "CVE-2017-6981",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6981"
},
{
"name": "CVE-2017-6987",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6987"
},
{
"name": "CVE-2017-2546",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2546"
},
{
"name": "CVE-2017-2512",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2512"
},
{
"name": "CVE-2017-2501",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2501"
},
{
"name": "CVE-2017-2513",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2513"
},
{
"name": "CVE-2017-2539",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2539"
},
{
"name": "CVE-2017-2509",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2509"
},
{
"name": "CVE-2017-2521",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2521"
},
{
"name": "CVE-2017-2505",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2505"
},
{
"name": "CVE-2017-2498",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2498"
},
{
"name": "CVE-2017-2497",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2497"
}
],
"links": [],
"reference": "CERTFR-2017-AVI-155",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-05-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207801 du 15 mai 2017",
"url": "https://support.apple.com/en-us/HT207801"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207800 du 15 mai 2017",
"url": "https://support.apple.com/en-us/HT207800"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207805 du 15 mai 2017",
"url": "https://support.apple.com/en-us/HT207805"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207798 du 15 mai 2017",
"url": "https://support.apple.com/en-us/HT207798"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207804 du 15 mai 2017",
"url": "https://support.apple.com/en-us/HT207804"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207797 du 15 mai 2017",
"url": "https://support.apple.com/en-us/HT207797"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207803 du 15 mai 2017",
"url": "https://support.apple.com/en-us/HT207803"
}
]
}
CNVD-2017-07709
Vulnerability from cnvd - Published: 2017-05-31

目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: https://support.apple.com/HT207804
| Name | Apple Safari <10.1.1 |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-2511"
}
},
"description": "Apple Safari\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002Safari\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7528\u4e8eSafari\u6d4f\u89c8\u5668\u7684\u4e13\u7528\u7ec4\u4ef6\u3002\r\n\r\nApple Safari 10.1.1\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684\u2018Safari\u2019\u7ec4\u4ef6\u5b58\u5728\u5730\u5740\u4f2a\u9020\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684Web\u7ad9\u70b9\u5229\u7528\u8be5\u6f0f\u6d1e\u4f2a\u9020\u5730\u5740\u680f\u3002",
"discovererName": "Zhiyang Zeng",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/HT207804",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-07709",
"openTime": "2017-05-31",
"patchDescription": "Apple Safari\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002Safari\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7528\u4e8eSafari\u6d4f\u89c8\u5668\u7684\u4e13\u7528\u7ec4\u4ef6\u3002\r\n\r\nApple Safari 10.1.1\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684\u2018Safari\u2019\u7ec4\u4ef6\u5b58\u5728\u5730\u5740\u4f2a\u9020\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684Web\u7ad9\u70b9\u5229\u7528\u8be5\u6f0f\u6d1e\u4f2a\u9020\u5730\u5740\u680f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apple Safari \u0027Safari\u0027\u7ec4\u4ef6\u5730\u5740\u4f2a\u9020\u6f0f\u6d1e\uff08CNVD-2017-07709\uff09\u7684\u8865\u4e01",
"products": {
"product": "Apple Safari \u003c10.1.1"
},
"referenceLink": "https://support.apple.com/HT207804",
"serverity": "\u4e2d",
"submitTime": "2017-05-24",
"title": "Apple Safari \u0027Safari\u0027\u7ec4\u4ef6\u5730\u5740\u4f2a\u9020\u6f0f\u6d1e\uff08CNVD-2017-07709\uff09"
}
VAR-201705-3226
Vulnerability from variot - Updated: 2023-12-18 11:39
An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. These issues may allow a remote attacker to carry out phishing-style attacks. Versions prior to Safari 10.1.1 are vulnerable. Apple Safari is a web browser developed by Apple, and is the default browser included with Mac OS X and iOS operating systems.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2017-05-15-7 Safari 10.1.1
Safari 10.1.1 is now available and addresses the following:
Safari Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.5 Impact: Visiting a maliciously crafted webpage may lead to an application denial of service Description: An issue in Safari's history menu was addressed through improved memory handling. CVE-2017-2495: Tubasa Iinuma (@llamakko_cafe) of Gehirn Inc.
Safari Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.5 Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-2500: Zhiyang Zeng and Yuyang Zhou of Tencent Security Platform Department CVE-2017-2511: Zhiyang Zeng of Tencent Security Platform Department
WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.5 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-2496: Apple CVE-2017-2505: lokihardt of Google Project Zero CVE-2017-2506: Zheng Huang of the Baidu Security Lab working with Trend Micro's Zero Day Initiative CVE-2017-2514: lokihardt of Google Project Zero CVE-2017-2515: lokihardt of Google Project Zero CVE-2017-2521: lokihardt of Google Project Zero CVE-2017-2525: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative CVE-2017-2526: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative CVE-2017-2530: Wei Yuan of Baidu Security Lab CVE-2017-2531: lokihardt of Google Project Zero CVE-2017-2538: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative CVE-2017-2539: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative CVE-2017-2544: 360 Security (@mj0011sec) working with Trend Micro's Zero Day Initiative CVE-2017-2547: lokihardt of Google Project Zero, Team Sniper (Keen Lab and PC Mgr) working with Trend Micro's Zero Day Initiative CVE-2017-6980: lokihardt of Google Project Zero CVE-2017-6984: lokihardt of Google Project Zero
WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.5 Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in the handling of WebKit Editor commands. This issue was addressed with improved state management. CVE-2017-2504: lokihardt of Google Project Zero
WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.5 Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in the handling of WebKit container nodes. This issue was addressed with improved state management. CVE-2017-2508: lokihardt of Google Project Zero
WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.5 Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in the handling of pageshow events. This issue was addressed with improved state management. CVE-2017-2510: lokihardt of Google Project Zero
WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.5 Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in the handling of WebKit cached frames. This issue was addressed with improved state management. CVE-2017-2528: lokihardt of Google Project Zero
WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.5 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2017-2536: Samuel Groß and Niklas Baumstark working with Trend Micro's Zero Day Initiative
WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.5 Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in frame loading. This issue was addressed with improved state management. CVE-2017-2549: lokihardt of Google Project Zero
WebKit Web Inspector Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.5 Impact: An application may be able to execute unsigned code Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-2499: George Dan (@theninjaprawn)
Installation note:
Safari 10.1.1 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
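This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
(Note: this copy of the advisory has been reflowed and partly re-encoded, so the signature below will not verify against the text as shown here; verify against the original advisory published by Apple.)
-----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org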
iQIcBAEBCgAGBQJZGdmMAAoJEIOj74w0bLRGxi0P/RqhFhUl2dpkTY8fSc/Wpzub wuddiZwq3N6DDOioJuKYj0SfO0xazfb5IC2a+YOlQ7CwnorOw648O6PFTTLnTGun fJwP+aIovFdL6h4NuyBRZJvSxXQSCdlV2gBcDCOdc0SmHGHjk87u0bjTvPY4P34z Jfr0+Q0wNCAVgd/DQbreJFQzHaGieQ6heGRoFB/ag17f9DRyxmhCLxdn1XmKIXWV /602XgwLnlpVBAFRDmNNSjkF4C2/qoUGyCQR1WrkwoN2L4wQ1mxxNKNBzlSH8AzY RlV3UdnFJMrdddOkMc7GTgSwMWhyD84YrcpGuxL1ImIiyafZ7DCc3fZWUSgMIhE2 FwCBnga4qlqCzaNeZPpTfbufROHansUBy8FQds1IDm62nm4mw4IJeuortlrBtFLf Zo/P4ftzTG8gihkcOhg1ew8KW8hi5WeH554zIYVMZA839bfWr7B9ebjw3Run0Uka M7abLl4l1fvWluB+LHt5m65knnw6biNDs8gw5xkBLwDFU4zc3Z5Q/G/AiL9pe1Yz wE5MUiECDy3WrVaCptkjXdvJiev+KjrQnHkd0ui56sS9MjrP+f2P1OZCfcqmlibJ +U6YIErsplfR9FIaaf+ntlEV5f9BBeq0VHfQJfigwVD5bHUFBSr4ZHq9/9NEDoGu Kh8ARPteimq+z9WoNkT/ =H1Pv -----END PGP SIGNATURE-----
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3226",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "safari",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.9,
"vendor": "apple",
"version": "10.1"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.1.1 (macos sierra 10.12.5)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.1.1 (os x el capitan 10.11.6)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.1.1 (os x yosemite 10.10.5)"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.8"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.31"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.34"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.8"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.52"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.31"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.28"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.33"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.8"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.30"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.10"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "safari",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1"
}
],
"sources": [
{
"db": "BID",
"id": "98470"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003863"
},
{
"db": "NVD",
"id": "CVE-2017-2511"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1008"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2511"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zhiyang Zeng and Yuyang Zhou of Tencent Security Platform Department.",
"sources": [
{
"db": "BID",
"id": "98470"
}
],
"trust": 0.3
},
"cve": "CVE-2017-2511",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-2511",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-110714",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-2511",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2511",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-1008",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-110714",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110714"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003863"
},
{
"db": "NVD",
"id": "CVE-2017-2511"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1008"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the \"Safari\" component. It allows remote attackers to spoof the address bar via a crafted web site. These issues may allow a remote attacker to carry out phishing-style attacks. \nVersions prior to Safari 10.1.1 are vulnerable. Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-05-15-7 Safari 10.1.1\n\nSafari 10.1.1 is now available and addresses the following:\n\nSafari\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.5\nImpact: Visiting a maliciously crafted webpage may lead to an\napplication denial of service\nDescription: An issue in Safari\u0027s history menu was addressed through\nimproved memory handling. \nCVE-2017-2495: Tubasa Iinuma (@llamakko_cafe) of Gehirn Inc. \n\nSafari\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.5\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2017-2500: Zhiyang Zeng and Yuyang Zhou of Tencent Security\nPlatform Department\nCVE-2017-2511: Zhiyang Zeng of Tencent Security Platform Department\n\nWebKit\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.5\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. 
\nCVE-2017-2496: Apple\nCVE-2017-2505: lokihardt of Google Project Zero\nCVE-2017-2506: Zheng Huang of the Baidu Security Lab working with\nTrend Microas Zero Day Initiative\nCVE-2017-2514: lokihardt of Google Project Zero\nCVE-2017-2515: lokihardt of Google Project Zero\nCVE-2017-2521: lokihardt of Google Project Zero\nCVE-2017-2525: Kai Kang (4B5F5F4B) of Tencentas Xuanwu Lab (\ntencent.com) working with Trend Microas Zero Day Initiative\nCVE-2017-2526: Kai Kang (4B5F5F4B) of Tencentas Xuanwu Lab\n(tencent.com) working with Trend Microas Zero Day Initiative\nCVE-2017-2530: Wei Yuan of Baidu Security Lab\nCVE-2017-2531: lokihardt of Google Project Zero\nCVE-2017-2538: Richard Zhu (fluorescence) working with Trend Micro\u0027s\nZero Day Initiative\nCVE-2017-2539: Richard Zhu (fluorescence) working with Trend Micro\u0027s\nZero Day Initiative\nCVE-2017-2544: 360 Security (@mj0011sec) working with Trend Micro\u0027s\nZero Day Initiative\nCVE-2017-2547: lokihardt of Google Project Zero,\nTeam Sniper (Keen Lab and PC Mgr) working with Trend Micro\u0027s Zero Day\nInitiative\nCVE-2017-6980: lokihardt of Google Project Zero\nCVE-2017-6984: lokihardt of Google Project Zero\n\nWebKit\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.5\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue existed in the handling of WebKit Editor\ncommands. This issue was addressed with improved state management. \nCVE-2017-2504: lokihardt of Google Project Zero\n\nWebKit\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.5\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue existed in the handling of WebKit\ncontainer nodes. This issue was addressed with improved state\nmanagement. 
\nCVE-2017-2508: lokihardt of Google Project Zero\n\nWebKit\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.5\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue existed in the handling of pageshow\nevents. This issue was addressed with improved state management. \nCVE-2017-2510: lokihardt of Google Project Zero\n\nWebKit\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.5\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue existed in the handling of WebKit cached\nframes. This issue was addressed with improved state management. \nCVE-2017-2528: lokihardt of Google Project Zero\n\nWebKit\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.5\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues with addressed through\nimproved memory handling. \nCVE-2017-2536: Samuel GroA and Niklas Baumstark working with Trend\nMicro\u0027s Zero Day Initiative\n\nWebKit\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.5\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue existed in frame loading. This issue was\naddressed with improved state management. \nCVE-2017-2549: lokihardt of Google Project Zero\n\nWebKit Web Inspector\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.5\nImpact: An application may be able to execute unsigned code\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-2499: George Dan (@theninjaprawn)\n\nInstallation note:\n\nSafari 10.1.1 may be obtained from the Mac App Store. 
\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJZGdmMAAoJEIOj74w0bLRGxi0P/RqhFhUl2dpkTY8fSc/Wpzub\nwuddiZwq3N6DDOioJuKYj0SfO0xazfb5IC2a+YOlQ7CwnorOw648O6PFTTLnTGun\nfJwP+aIovFdL6h4NuyBRZJvSxXQSCdlV2gBcDCOdc0SmHGHjk87u0bjTvPY4P34z\nJfr0+Q0wNCAVgd/DQbreJFQzHaGieQ6heGRoFB/ag17f9DRyxmhCLxdn1XmKIXWV\n/602XgwLnlpVBAFRDmNNSjkF4C2/qoUGyCQR1WrkwoN2L4wQ1mxxNKNBzlSH8AzY\nRlV3UdnFJMrdddOkMc7GTgSwMWhyD84YrcpGuxL1ImIiyafZ7DCc3fZWUSgMIhE2\nFwCBnga4qlqCzaNeZPpTfbufROHansUBy8FQds1IDm62nm4mw4IJeuortlrBtFLf\nZo/P4ftzTG8gihkcOhg1ew8KW8hi5WeH554zIYVMZA839bfWr7B9ebjw3Run0Uka\nM7abLl4l1fvWluB+LHt5m65knnw6biNDs8gw5xkBLwDFU4zc3Z5Q/G/AiL9pe1Yz\nwE5MUiECDy3WrVaCptkjXdvJiev+KjrQnHkd0ui56sS9MjrP+f2P1OZCfcqmlibJ\n+U6YIErsplfR9FIaaf+ntlEV5f9BBeq0VHfQJfigwVD5bHUFBSr4ZHq9/9NEDoGu\nKh8ARPteimq+z9WoNkT/\n=H1Pv\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2511"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003863"
},
{
"db": "BID",
"id": "98470"
},
{
"db": "VULHUB",
"id": "VHN-110714"
},
{
"db": "PACKETSTORM",
"id": "142513"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2511",
"trust": 2.9
},
{
"db": "SECTRACK",
"id": "1038487",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU98089541",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003863",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1008",
"trust": 0.7
},
{
"db": "BID",
"id": "98470",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-110714",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "142513",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110714"
},
{
"db": "BID",
"id": "98470"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003863"
},
{
"db": "PACKETSTORM",
"id": "142513"
},
{
"db": "NVD",
"id": "CVE-2017-2511"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1008"
}
]
},
"id": "VAR-201705-3226",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-110714"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:39:41.181000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht201222"
},
{
"title": "HT207804",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht207804"
},
{
"title": "HT207804",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht207804"
},
{
"title": "Apple Safari\u0027Safari\u0027 Fixes for component security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70484"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003863"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1008"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110714"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003863"
},
{
"db": "NVD",
"id": "CVE-2017-2511"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.apple.com/ht207804"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1038487"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2511"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2511"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu98089541/index.html"
},
{
"trust": 0.3,
"url": "https://www.apple.com/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/safari/download/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2547"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2531"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2514"
},
{
"trust": 0.1,
"url": "https://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2506"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2504"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2528"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2505"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2530"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2538"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2525"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2499"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2500"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2539"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2508"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2526"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2496"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2536"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2549"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2515"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2521"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2510"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2495"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6980"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110714"
},
{
"db": "BID",
"id": "98470"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003863"
},
{
"db": "PACKETSTORM",
"id": "142513"
},
{
"db": "NVD",
"id": "CVE-2017-2511"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1008"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-110714"
},
{
"db": "BID",
"id": "98470"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003863"
},
{
"db": "PACKETSTORM",
"id": "142513"
},
{
"db": "NVD",
"id": "CVE-2017-2511"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1008"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-110714"
},
{
"date": "2017-05-15T00:00:00",
"db": "BID",
"id": "98470"
},
{
"date": "2017-06-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003863"
},
{
"date": "2017-05-16T03:23:22",
"db": "PACKETSTORM",
"id": "142513"
},
{
"date": "2017-05-22T05:29:00.957000",
"db": "NVD",
"id": "CVE-2017-2511"
},
{
"date": "2017-05-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-1008"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-08T00:00:00",
"db": "VULHUB",
"id": "VHN-110714"
},
{
"date": "2017-05-15T00:00:00",
"db": "BID",
"id": "98470"
},
{
"date": "2017-06-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003863"
},
{
"date": "2017-07-08T01:29:07.553000",
"db": "NVD",
"id": "CVE-2017-2511"
},
{
"date": "2017-05-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-1008"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-1008"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Safari of Safari Component address bar spoofing vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003863"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-1008"
}
],
"trust": 0.6
}
}
FKIE_CVE-2017-2511
Vulnerability from fkie_nvd - Published: 2017-05-22 05:29 - Updated: 2025-04-20 01:37
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD72565-70D0-4922-83CB-BC3DEF5C9FA1",
"versionEndIncluding": "10.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the \"Safari\" component. It allows remote attackers to spoof the address bar via a crafted web site."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en ciertos productos de Apple. Safari anterior a versi\u00f3n 10.1.1 est\u00e1 afectado. El problema involucra al componente \"Safari\". Permite a los atacantes remotos falsificar la barra de direcciones por medio de un sitio web dise\u00f1ado."
}
],
"id": "CVE-2017-2511",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-22T05:29:00.957",
"references": [
{
"source": "product-security@apple.com",
"url": "http://www.securitytracker.com/id/1038487"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT207804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT207804"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2017-2511
Vulnerability from gsd - Updated: 2023-12-13 01:21
{
"GSD": {
"alias": "CVE-2017-2511",
"description": "An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the \"Safari\" component. It allows remote attackers to spoof the address bar via a crafted web site.",
"id": "GSD-2017-2511"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-2511"
],
"details": "An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the \"Safari\" component. It allows remote attackers to spoof the address bar via a crafted web site.",
"id": "GSD-2017-2511",
"modified": "2023-12-13T01:21:05.766924Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the \"Safari\" component. It allows remote attackers to spoof the address bar via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038487",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038487"
},
{
"name": "https://support.apple.com/HT207804",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207804"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2511"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the \"Safari\" component. It allows remote attackers to spoof the address bar via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT207804",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT207804"
},
{
"name": "1038487",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1038487"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2017-07-08T01:29Z",
"publishedDate": "2017-05-22T05:29Z"
}
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.