CVE-2016-1786
published 2016-03-24
CVE-2016-1786: The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code…
Priority P4 · 24 · medium · 5.4 CVSS 3.0
AV:N / AC:L / PR:N / UI:R / S:U / C:L / I:L / A:N
EPSS
0.44%
63.6th percentile
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted web site.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | <= 9.2.1 | — |
| apple | safari | <= 9.0.3 | — |
| apple | safari | — | — |
CVSS provenance
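| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
| osv | — | 5.4 | MEDIUM | — |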
Apple
CVE-2016-1786: Safari 9.1
vendor_apple·CVSS 5.4
CVE-2016-1786 [MEDIUM] CVE-2016-1786: Safari 9.1
Apple Security Update: About the security content of Safari 9.1
Product: Safari
Version: 9.1
CVE: CVE-2016-1786
Component: CVE-ID
Apple
CVE-2016-1786: iOS 9.3
vendor_apple·CVSS 5.4
CVE-2016-1786 [MEDIUM] CVE-2016-1786: iOS 9.3
Apple Security Update: About the security content of iOS 9.3
Product: iOS
Version: 9.3
CVE: CVE-2016-1786
Component: CVE-ID
GHSA
GHSA-hq5w-jxpr-6446: The Page Loading implementation in WebKit in Apple iOS before 9
ghsa_unreviewed·2022-05-14
CVE-2016-1786 [MEDIUM] CWE-200 GHSA-hq5w-jxpr-6446: The Page Loading implementation in WebKit in Apple iOS before 9
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted web site.
OSV
CVE-2016-1786: The Page Loading implementation in WebKit in Apple iOS before 9
osv·2016-03-24·CVSS 5.4
CVE-2016-1786 [MEDIUM] CVE-2016-1786: The Page Loading implementation in WebKit in Apple iOS before 9
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted web site.
http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html
http://www.securityfocus.com/archive/1/537948/100/0/threaded
http://www.securitytracker.com/id/1035353
https://support.apple.com/HT206166
https://support.apple.com/HT206171
2016-03-24
Published