VAR-201804-0449
Vulnerability from variot - Updated: 2023-12-18 12:57An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "JavaScriptCore" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that triggers prototype mishandling. in the United States. Apple Safari is a web browser that comes with the Mac OS X and iOS operating systems; iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system. JavaScriptCore is one of the JavaScript core components. A security vulnerability exists in the JavaScriptCore component in Apple iOS versions prior to 10.3, Safari versions prior to 10.1, and tvOS versions prior to 10.2
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0449",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.1"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.3"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.2"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.3 (ipad first 4 after generation )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.3 (iphone 5 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.3 (ipod touch first 6 after generation )"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.1 (macos sierra 10.12.4)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.1 (os x el capitan 10.11.6)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.1 (os x yosemite 10.10.5)"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.2 (apple tv first 4 generation )"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.1.2"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.4.4"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.0.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013136"
},
{
"db": "NVD",
"id": "CVE-2017-2492"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-211"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2492"
}
]
},
"cve": "CVE-2017-2492",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-2492",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-110695",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-2492",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2492",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-211",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-110695",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-2492",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110695"
},
{
"db": "VULMON",
"id": "CVE-2017-2492"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013136"
},
{
"db": "NVD",
"id": "CVE-2017-2492"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-211"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"JavaScriptCore\" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that triggers prototype mishandling. in the United States. Apple Safari is a web browser that comes with the Mac OS X and iOS operating systems; iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system. JavaScriptCore is one of the JavaScript core components. A security vulnerability exists in the JavaScriptCore component in Apple iOS versions prior to 10.3, Safari versions prior to 10.1, and tvOS versions prior to 10.2",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2492"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013136"
},
{
"db": "VULHUB",
"id": "VHN-110695"
},
{
"db": "VULMON",
"id": "CVE-2017-2492"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2492",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013136",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201804-211",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-110695",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-2492",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110695"
},
{
"db": "VULMON",
"id": "CVE-2017-2492"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013136"
},
{
"db": "NVD",
"id": "CVE-2017-2492"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-211"
}
]
},
"id": "VAR-201804-0449",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-110695"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:57:00.809000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT207600",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht207600"
},
{
"title": "HT207601",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht207601"
},
{
"title": "HT207617",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht207617"
},
{
"title": "HT207600",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht207600"
},
{
"title": "HT207601",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht207601"
},
{
"title": "HT207617",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht207617"
},
{
"title": "Apple iOS , Safari and tvOS JavaScriptCore Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83063"
},
{
"title": "Apple: tvOS 10.2",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=96152d4695ab80cff7cf110b4458ab10"
},
{
"title": "Apple: Safari 10.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=5c4ba20f7a3a0bac6dc3db074ec0daa4"
},
{
"title": "Apple: iOS 10.3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=e3eec66a6152b7f2dac0fe21bb8ee9cd"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-2492"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013136"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-211"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110695"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013136"
},
{
"db": "NVD",
"id": "CVE-2017-2492"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://support.apple.com/ht207600"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht207601"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht207617"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2492"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2492"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht207601"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110695"
},
{
"db": "VULMON",
"id": "CVE-2017-2492"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013136"
},
{
"db": "NVD",
"id": "CVE-2017-2492"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-211"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-110695"
},
{
"db": "VULMON",
"id": "CVE-2017-2492"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013136"
},
{
"db": "NVD",
"id": "CVE-2017-2492"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-211"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-110695"
},
{
"date": "2018-04-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-2492"
},
{
"date": "2018-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013136"
},
{
"date": "2018-04-03T06:29:01.280000",
"db": "NVD",
"id": "CVE-2017-2492"
},
{
"date": "2018-04-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-211"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-110695"
},
{
"date": "2019-03-08T00:00:00",
"db": "VULMON",
"id": "CVE-2017-2492"
},
{
"date": "2018-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013136"
},
{
"date": "2019-03-08T16:06:33.513000",
"db": "NVD",
"id": "CVE-2017-2492"
},
{
"date": "2019-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-211"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-211"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Product JavaScriptCore Universal cross-site scripting vulnerability in components",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013136"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-211"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…