CVE-2016-1772 - OpenCVE

The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Safari

Configuration 1 [-]

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

References

Link	Resource
http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html	Vendor Advisory
http://www.securityfocus.com/bid/85055
http://www.securitytracker.com/id/1035354
https://support.apple.com/HT206171	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apple

Published: 2016-03-24T01:00:00

Updated: 2017-03-23T09:57:01

Reserved: 2016-01-13T00:00:00

Link: CVE-2016-1772

JSON object: View

NVD Information

Status : Modified

Published: 2016-03-24T01:59:40.187

Modified: 2017-03-24T01:59:01.970

Link: CVE-2016-1772

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-03-21T00:00:00", "descriptions": [{"lang": "en", "value": "The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-03-23T09:57:01", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"name": "1035354", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1035354"}, {"name": "APPLE-SA-2016-03-21-6", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html"}, {"name": "85055", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/85055"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT206171"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2016-1772", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1035354", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035354"}, {"name": "APPLE-SA-2016-03-21-6", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html"}, {"name": "85055", "refsource": "BID", "url": "http://www.securityfocus.com/bid/85055"}, {"name": "https://support.apple.com/HT206171", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206171"}]}}}}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2016-1772", "datePublished": "2016-03-24T01:00:00", "dateReserved": "2016-01-13T00:00:00", "dateUpdated": "2017-03-23T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "F39FC2FB-375B-4129-A37F-BC749F8A9648", "versionEndIncluding": "9.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors."}, {"lang": "es", "value": "La funcionalidad Top Sites en Apple Safari en versiones anteriores a 9.1 no gestiona correctamente el almacenamiento de cookies, lo que facilita a servidores web remotos rastrear usuarios a trav\u00e9s de vectores no especificados."}], "id": "CVE-2016-1772", "lastModified": "2017-03-24T01:59:01.970", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-03-24T01:59:40.187", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html"}, {"source": "product-security@apple.com", "url": "http://www.securityfocus.com/bid/85055"}, {"source": "product-security@apple.com", "url": "http://www.securitytracker.com/id/1035354"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT206171"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}