CVE-2016-1785: The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which…

CVE-2016-1785 [MEDIUM] CWE-200 GHSA-4v6r-qc3q-5hfm: The Page Loading implementation in WebKit in Apple iOS before 9 The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

CVE-2016-1785 [MEDIUM] CVE-2016-1785: The Page Loading implementation in WebKit in Apple iOS before 9 The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

CVE-2016-1785 [MEDIUM] CVE-2016-1785: iOS 9.3 Apple Security Update: About the security content of iOS 9.3 Product: iOS Version: 9.3 CVE: CVE-2016-1785 Component: CVE-ID

CVE-2016-1785 [MEDIUM] CVE-2016-1785: Safari 9.1 Apple Security Update: About the security content of Safari 9.1 Product: Safari Version: 9.1 CVE: CVE-2016-1785 Component: CVE-ID

CVE-2016-5422 [HIGH] CVE-2016-5422 JON3: privilege escalation via improper authorization CVE-2016-5422 JON3: privilege escalation via improper authorization Regular users are able to add a user with super user role by sending a crafted POST request through the JON web console. This allows attackers to gain admin privilege, which leads to affecting Confidentiality, Integrity and Availability of the JON server itself as well as the resources it manages. Discussion: Acknowledgments: Name: Jeremy Choi (Red Hat Product Security Team) --- This issue has been addressed in the following products: Via RHSA-2016:1785 https://rhn.redhat.com/errata/RHSA-2016-1785.html