Base Score

MEDIUM4.3

CVE-2016-1864

The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.

VectorNETWORK

Published Byproduct-security@apple.com

Published DateJun 19, 2016, 20:59

Weakness Type (CWE):CWE-200

CVSS Metrics

Base Score

4.3

Vector String

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

NONE

Availability (A)

NONE

References

http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html
http://www.securityfocus.com/bid/91358
http://www.securitytracker.com/id/1036344
https://support.apple.com/HT206166
https://support.apple.com/HT206171

Base Score

MEDIUM4.3

Weakness Type (CWE):CWE-200

CVSS Metrics

Base Score

4.3

Vector String

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

NONE

Availability (A)

NONE