Lucene search

AppleCVE-2013-0974

HistoryJan 29, 2013 - 5:58 a.m.

CVE-2013-0974

2013-01-2905:58:55

apple

web.nvd.nist.gov

cve

2013

0974

apple

ios

6.1

javascript

smart app banner

security issue

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

6.3

Confidence

Low

EPSS

0.006

Percentile

79.0%

JSON

StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the preferences configuration of Mobile Safari, which allows remote attackers to bypass intended access restrictions and execute JavaScript code via a web site with a Smart App Banner.

Affected configurations

Nvd

Node

appleiphone_osRange≤6.0.2

appleiphone_osMatch6.0

appleiphone_osMatch6.0.1

VendorProductVersionCPE
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
appleiphone_os6.0cpe:2.3:o:apple:iphone_os:6.0:*:*:*:*:*:*:*
appleiphone_os6.0.1cpe:2.3:o:apple:iphone_os:6.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::
apple	iphone_os	6.0	cpe:2.3:o:apple:iphone_os:6.0:::::::*
apple	iphone_os	6.0.1	cpe:2.3:o:apple:iphone_os:6.0.1:::::::*

References

lists.apple.com/archives/security-announce/2013/Jan/msg00000.html

osvdb.org/89658

support.apple.com/kb/HT5642

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

6.3

Confidence

Low

EPSS

0.006

Percentile

79.0%

JSON

Related for CVE-2013-0974