CVE-2017-7011
published 2017-07-20CVE-2017-7011: An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "WebKit" component…
PriorityP430medium6.5CVSS 3.0
AVNACLPRNUIRSUCNIHAN
EPSS
0.83%
75.0th percentile
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site that uses FRAME elements.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | <= 10.3.2 | — |
| apple | safari | <= 10.1.1 | — |
| apple | safari | — | — |
| debian | webkit2gtk | < webkit2gtk 2.16.3-2 (bookworm) | webkit2gtk 2.16.3-2 (bookworm) |
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv6.5MEDIUM
vendor_debian6.5LOW
Apple
CVE-2017-7011: Safari 10.1.2
vendor_apple·2017-07-19·CVSS 6.5
CVE-2017-7011 [MEDIUM] CVE-2017-7011: Safari 10.1.2
Apple Security Update: About the security content of Safari 10.1.2
Product: Safari
Version: 10.1.2
CVE: CVE-2017-7011
Component: WebKit
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A state management issue was addressed with improved frame handling.
Apple
CVE-2017-7011: iOS 10.3.3
vendor_apple·2017-07-19·CVSS 6.5
CVE-2017-7011 [MEDIUM] CVE-2017-7011: iOS 10.3.3
Apple Security Update: About the security content of iOS 10.3.3
Product: iOS
Version: 10.3.3
CVE: CVE-2017-7011
Component: WebKit
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A state management issue was addressed with improved frame handling.
Debian
CVE-2017-7011: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.3.3 is affected...
vendor_debian·2017·CVSS 6.5
CVE-2017-7011 [MEDIUM] CVE-2017-7011: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.3.3 is affected...
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site that uses FRAME elements.
Scope: local
bookworm: resolved (fixed in 2.16.3-2)
bullseye: resolved (fixed in 2.16.3-2)
forky: resolved (fixed in 2.16.3-2)
sid: resolved (fixed in 2.16.3-2)
trixie: resolved (fixed in 2.16.3-2)
GHSA
GHSA-j842-m828-pqm3: An issue was discovered in certain Apple products
ghsa_unreviewed·2022-05-14
CVE-2017-7011 [MEDIUM] CWE-20 GHSA-j842-m828-pqm3: An issue was discovered in certain Apple products
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site that uses FRAME elements.
OSV
CVE-2017-7011: An issue was discovered in certain Apple products
osv·2017-07-20·CVSS 6.5
CVE-2017-7011 [MEDIUM] CVE-2017-7011: An issue was discovered in certain Apple products
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site that uses FRAME elements.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/99887http://www.securitytracker.com/id/1038950https://security.gentoo.org/glsa/201710-14https://support.apple.com/HT207921https://support.apple.com/HT207923http://www.securityfocus.com/bid/99887http://www.securitytracker.com/id/1038950https://security.gentoo.org/glsa/201710-14https://support.apple.com/HT207921https://support.apple.com/HT207923
2017-07-20
Published