CVE-2016-4760: WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP…

CVE-2016-4613 WebKitGTK+ vulnerabilities Title: WebKitGTK+ vulnerabilities Summary: Several security issues were fixed in WebKitGTK+. A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Instructions: This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes.

CVE-2016-4760 [MEDIUM] CVE-2016-4760: Safari 10 Apple Security Update: About the security content of Safari 10 Product: Safari Version: 10 CVE: CVE-2016-4760 Component: WebKit Impact: A malicious website may be able to access non-HTTP services Description: Safari's support of HTTP/0.9 allowed cross-protocol exploitation of non-HTTP services using DNS rebinding. The issue was addressed by restricting HTTP/0.9 responses to default ports and canceling resource loads if the document was loaded with a different HTTP protocol version.

CVE-2016-4760 [MEDIUM] CVE-2016-4760: iOS 10 Apple Security Update: About the security content of iOS 10 Product: iOS Version: 10 CVE: CVE-2016-4760 Component: WebKit Impact: A malicious website may be able to access non-HTTP services Description: Safari's support of HTTP/0.9 allowed cross-protocol exploitation of non-HTTP services using DNS rebinding. The issue was addressed by restricting HTTP/0.9 responses to default ports and canceling resource loads if the document was loaded with a different HTTP protocol version.

CVE-2016-4760 [MEDIUM] CVE-2016-4760: iTunes 12.5.1 for Windows Apple Security Update: About the security content of iTunes 12.5.1 for Windows Product: iTunes 12.5.1 for Windows CVE: CVE-2016-4760 Component: WebKit Impact: A malicious website may be able to access non-HTTP services Description: Safari's support of HTTP/0.9 allowed cross-protocol exploitation of non-HTTP services using DNS rebinding. The issue was addressed by restricting HTTP/0.9 responses to default ports and canceling resource loads if the document was loaded with a different HTTP protocol version.

CVE-2016-4760 [MEDIUM] CWE-284 GHSA-pqhh-972q-qrfv: WebKit in Apple iOS before 10, iTunes before 12 WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support.

CVE-2016-4760 [MEDIUM] CVE-2016-4760: WebKit in Apple iOS before 10, iTunes before 12 WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support.