CVE-2016-4642

CWE-2546 documents4 sources

Severity

5.9MEDIUM

EPSS

0.3%

top 43.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Apple TV Apple Iphone OS Apple MAC OS

Timeline

PublishedJan 11

Latest updateMay 14

Description

In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶NVDapple/mac_os10.11.0 — 10.11.6

▶NVDapple/apple_tv< 9.2.2

▶NVDapple/iphone_os< 9.3.3

🔴Vulnerability Details

GHSA

GHSA-3qpj-8jfc-pvm9: In iOS before 9↗2022-05-14

▶

CVEList

CVE-2016-4642: In iOS before 9↗2019-01-11

▶

📋Vendor Advisories

Apple

CVE-2016-4642: tvOS 9.2.2↗2016-07-18

▶

Apple

CVE-2016-4642: iOS 9.3.3↗2016-07-18

▶

Apple

CVE-2016-4642: OS X El Capitan v10.11.6 and Security Update 2016-004↗2016-07-18

▶