Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-2371 — Improper Input Validation in Apple Iphone OS

CWE-20 — Improper Input Validation7 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

6.9%

top 8.56%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple Iphone OS Debian Webkit2gtk Apple IOS

Timeline

PublishedFeb 20

Latest updateMay 13

Description

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WebKit" component, which allows remote attackers to launch popups via a crafted web site.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDapple/iphone_os< 10.2.1

▶debiandebian/webkit2gtk< webkit2gtk 2.14.4-1 (bookworm)

▶Appleapple/ios10.2.1

🔴Vulnerability Details

GHSA

GHSA-p7jw-mhp8-p9j3: An issue was discovered in certain Apple products↗2022-05-13

▶

OSV

CVE-2017-2371: An issue was discovered in certain Apple products↗2017-02-20

▶

💥Exploits & PoCs

Exploit-DB

Apple WebKit 10.0.2 - Cross-Origin or Sandboxed IFRAME Pop-up Blocker Bypass↗2017-02-24

▶

📋Vendor Advisories

Ubuntu

WebKitGTK+ vulnerabilities↗2017-02-16

▶

Apple

CVE-2017-2371: iOS 10.2.1↗2017-01-23

▶

Debian

CVE-2017-2371: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.2.1 is affected...↗2017

▶