CVE-2016-1779 - OpenCVE

WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Iphone Os Safari

Configuration 1 [-]

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:iphone_os::::::::

References

Link	Resource
http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html	Vendor Advisory
http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html	Vendor Advisory
http://www.securityfocus.com/archive/1/537948/100/0/threaded
http://www.securitytracker.com/id/1035353
https://support.apple.com/HT206166	Vendor Advisory
https://support.apple.com/HT206171	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apple

Published: 2016-03-24T01:00:00

Updated: 2018-10-09T18:57:01

Reserved: 2016-01-13T00:00:00

Link: CVE-2016-1779

JSON object: View

NVD Information

Status : Modified

Published: 2016-03-24T01:59:46.547

Modified: 2018-10-09T19:59:21.443

Link: CVE-2016-1779

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-03-21T00:00:00", "descriptions": [{"lang": "en", "value": "WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"name": "APPLE-SA-2016-03-21-6", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html"}, {"name": "1035353", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1035353"}, {"name": "APPLE-SA-2016-03-21-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"}, {"name": "20160331 WebKitGTK+ Security Advisory WSA-2016-0003", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/537948/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT206171"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT206166"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2016-1779", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "APPLE-SA-2016-03-21-6", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html"}, {"name": "1035353", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035353"}, {"name": "APPLE-SA-2016-03-21-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"}, {"name": "20160331 WebKitGTK+ Security Advisory WSA-2016-0003", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/537948/100/0/threaded"}, {"name": "https://support.apple.com/HT206171", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206171"}, {"name": "https://support.apple.com/HT206166", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206166"}]}}}}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2016-1779", "datePublished": "2016-03-24T01:00:00", "dateReserved": "2016-01-13T00:00:00", "dateUpdated": "2018-10-09T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "F39FC2FB-375B-4129-A37F-BC749F8A9648", "versionEndIncluding": "9.0.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "080450EA-85C1-454D-98F9-5286D69CF237", "versionEndIncluding": "9.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request."}, {"lang": "es", "value": "WebKit en Apple iOS en versiones anteriores a 9.3 y Safari en versiones anteriores a 9.1 permite a atacantes remotos eludir la Same Origin Policy y obtener datos de localizaci\u00f3n f\u00edsica a trav\u00e9s de una petici\u00f3n de geolocalizaci\u00f3n manipulada."}], "id": "CVE-2016-1779", "lastModified": "2018-10-09T19:59:21.443", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-03-24T01:59:46.547", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html"}, {"source": "product-security@apple.com", "url": "http://www.securityfocus.com/archive/1/537948/100/0/threaded"}, {"source": "product-security@apple.com", "url": "http://www.securitytracker.com/id/1035353"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT206166"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT206171"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}