CVE-2016-1864 — Sensitive Information Exposure in Apple

Vendor	Product	Version range	Fixed in
apple	ios	—	—
apple	iphone_os	<= 9.2.1	—
apple	safari	<= 9.0.3	—
apple	safari	—	—

Apple

CVE-2016-1864: Safari 9.1

vendor_apple·CVSS 4.3

CVE-2016-1864 [MEDIUM] CVE-2016-1864: Safari 9.1 Apple Security Update: About the security content of Safari 9.1 Product: Safari Version: 9.1 CVE: CVE-2016-1864 Component: CVE-ID

Apple

CVE-2016-1864: iOS 9.3

vendor_apple·CVSS 4.3

CVE-2016-1864 [MEDIUM] CVE-2016-1864: iOS 9.3 Apple Security Update: About the security content of iOS 9.3 Product: iOS Version: 9.3 CVE: CVE-2016-1864 Component: CVE-ID

GHSA

GHSA-4vv7-62cm-wmwg: The XSS auditor in WebKit, as used in Apple iOS before 9

ghsa_unreviewed·2022-05-17

CVE-2016-1864 [MEDIUM] CWE-200 GHSA-4vv7-62cm-wmwg: The XSS auditor in WebKit, as used in Apple iOS before 9 The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.

OSV

CVE-2016-1864: The XSS auditor in WebKit, as used in Apple iOS before 9

osv·2016-06-19·CVSS 4.3

CVE-2016-1864 [MEDIUM] CVE-2016-1864: The XSS auditor in WebKit, as used in Apple iOS before 9 The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.

CVE-2016-1864: The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote…

Affected

CVSS provenance