Base Score

MEDIUM6.5

CVE-2016-1858

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site.

VectorNETWORK

Published Byproduct-security@apple.com

Published DateMay 20, 2016, 11:00

Weakness Type (CWE):CWE-200

CVSS Metrics

Base Score

6.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE

References

http://lists.apple.com/archives/security-announce/2016/May/msg00001.html
http://lists.apple.com/archives/security-announce/2016/May/msg00002.html
http://lists.apple.com/archives/security-announce/2016/May/msg00005.html
http://packetstormsecurity.com/files/137229/WebKitGTK-Code-Execution-Denial-Of-Service-Memory-Corruption.html
http://www.securityfocus.com/archive/1/538522/100/0/threaded
http://www.securitytracker.com/id/1035888
https://support.apple.com/HT206564
https://support.apple.com/HT206565
https://support.apple.com/HT206568

Base Score

MEDIUM6.5

Weakness Type (CWE):CWE-200

CVSS Metrics

Base Score

6.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE