CVE-2016-4604
published 2016-07-22
CVE-2016-4604: Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number.
Priority P423 · medium · 5.4 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS: 0.37% (58.9th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
CVSS provenance
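| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |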
GHSA
GHSA-2fph-f2f6-cpgm: Safari in Apple iOS before 9
ghsa_unreviewed·2022-05-17
CVE-2016-4604 [MEDIUM] CWE-601 GHSA-2fph-f2f6-cpgm: Safari in Apple iOS before 9
Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number.
Apple
CVE-2016-4604: iOS 9.3.3
vendor_apple·2016-07-18·CVSS 5.4
CVE-2016-4604 [MEDIUM] CVE-2016-4604: iOS 9.3.3
Apple Security Update: About the security content of iOS 9.3.3
Product: iOS
Version: 9.3.3
CVE: CVE-2016-4604
Component: Safari
Impact: Visiting a malicious website may lead to user interface spoofing
Description: Redirect responses to invalid ports may have allowed a malicious website to display an arbitrary domain while displaying arbitrary content. This issue was addressed through improved URL display logic.
http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html
http://www.securityfocus.com/bid/91825
http://www.securitytracker.com/id/1036344
https://support.apple.com/HT206902
Published: 2016-07-22