Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11126
HistoryOct 23, 2017 - 12:00 a.m.

KLA11126 Multiple vulnerabilities in Apple Safari

2017-10-2300:00:00
Kaspersky Lab
threats.kaspersky.com
23

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.085 Low

EPSS

Percentile

94.3%

JSON

Detect date:

10/23/2017

Severity:

High

Description:

Multiple serious vulnerabilities have been found in Apple Safari. Malicious users can exploit these vulnerabilities to cause denial of service, perform cross-site scripting, bypass security restrictions, obtain sensitive information oe execute arbitrary code.

Affected products:

Safari versions earlier than 11

Solution:

Update to the latest version
Download Safari

Original advisories:

About the security content of Safari 11

Impacts:

ACE

Related products:

Apple Safari

CVE-IDS:

CVE-2017-71425.0Warning
CVE-2017-71444.3Warning
CVE-2017-70816.8High
CVE-2017-70854.3Warning
CVE-2017-70876.8High
CVE-2017-70894.3Warning
CVE-2017-70905.0Warning
CVE-2017-70916.8High
CVE-2017-70926.8High
CVE-2017-70936.8High
CVE-2017-70946.8High
CVE-2017-70956.8High
CVE-2017-70966.8High
CVE-2017-70986.8High
CVE-2017-70996.8High
CVE-2017-71006.8High
CVE-2017-71026.8High
CVE-2017-71046.8High
CVE-2017-71064.3Warning
CVE-2017-71076.8High
CVE-2017-71094.3Warning
CVE-2017-71116.8High
CVE-2017-71176.8High
CVE-2017-71206.8High

Exploitation:

Public exploits exist for this vulnerability.

References

Related

nessus 9
openvas 7
apple 10
kaspersky 1
ubuntu 1
zdt 2
mageia 1
freebsd 1
threatpost 1
debiancve 21
ubuntucve 21
prion 24
cve 24
zdi 5
exploitpack 1
suse 2
seebug 2
checkpoint_advisories 1
packetstorm 1
exploitdb 1
nessus
nessus
Apple iTunes < 12.7 WebKit Multiple Vulnerabilities (uncredentialed check)
2017-09-27 00:00:00
macOS : Apple Safari < 11.0 Multiple Vulnerabilities
2017-09-20 00:00:00
Apple iTunes < 12.7 WebKit Multiple Vulnerabilities (credentialed check)
2017-09-27 00:00:00
openvas
openvas
Apple Safari Spoofing and Cross-Site Scripting Vulnerabilities (HT208116)
2017-09-21 00:00:00
Apple iTunes Security Updates (HT208141)
2017-10-25 00:00:00
Apple iCloud Security Updates (HT208142)
2017-09-26 00:00:00
apple
apple
About the security content of Safari 11
2017-09-19 00:00:00
About the security content of Safari 11 - Apple Support
2018-02-14 07:14:51
About the security content of iTunes 12.7 for Windows - Apple Support
2018-10-18 05:03:03
kaspersky
kaspersky
KLA11127 Multiple vulnerabilities in Apple iTunes
2017-09-25 00:00:00
ubuntu
ubuntu
WebKitGTK+ vulnerabilities
2017-10-23 00:00:00
zdt
zdt
WebKitGTK+ Code Execution / Cookie Handling / Memory Corruption Vulnerabilities
2017-10-19 00:00:00
Safari 10 Local SOP bypass Vulnerability
2017-10-05 00:00:00
mageia
mageia
Updated webkit2 packages fix security vulnerabilities
2017-11-27 00:18:31
freebsd
freebsd
webkit2-gtk3 -- multiple vulnerabilities
2017-10-18 00:00:00
threatpost
threatpost
iOS 11 Update includes Patches for Eight Vulnerabilities
2017-09-19 17:21:52
debiancve
debiancve
CVE-2017-7120
2017-10-23 01:29:00
CVE-2017-7093
2017-10-23 01:29:00
CVE-2017-7107
2017-10-23 01:29:00
ubuntucve
ubuntucve
CVE-2017-7109
2017-10-18 00:00:00
CVE-2017-7120
2017-10-18 00:00:00
CVE-2017-7107
2017-10-18 00:00:00
prion
prion
Memory corruption
2017-10-23 01:29:00
Code injection
2017-10-23 01:29:00
Memory corruption
2017-10-23 01:29:00
cve
cve
CVE-2017-7142
2017-10-23 01:29:00
CVE-2017-7093
2017-10-23 01:29:00
CVE-2017-7111
2017-10-23 01:29:00
zdi
zdi
Apple Safari JSString Out-Of-Bounds Access Remote Code Execution Vulnerability
2017-09-26 00:00:00
Apple Safari RegExp replace Out-Of-Bounds Access Remote Code Execution Vulnerability
2017-09-26 00:00:00
Apple Safari RenderFlowThread Out-Of-Bounds Access Remote Code Execution Vulnerability
2017-09-26 00:00:00
exploitpack
exploitpack
Webkit (Safari) - Universal Cross-site Scripting
2017-10-03 00:00:00
suse
suse
Security update for webkit2gtk3 (important)
2018-02-01 00:14:30
Security update for webkit2gtk3 (important)
2018-01-25 21:10:00
seebug
seebug
Apple Safari uxss(CVE-2017-7089)
2017-10-09 00:00:00
WebKit: JSC: Incorrect for-in optimization #2(CVE-2017-7117)
2017-10-10 00:00:00
checkpoint_advisories
checkpoint_advisories
Apple WebKit Denial of Service (CVE-2017-7092)
2019-04-02 00:00:00
packetstorm
packetstorm
WebKit JSC Incorrect Optimization
2017-10-03 00:00:00
exploitdb
exploitdb
Webkit (Safari) - Universal Cross-site Scripting
2017-10-03 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.085 Low

EPSS

Percentile

94.3%

JSON
Related for KLA11126
nessus9openvas7apple10kaspersky1ubuntu1zdt2mageia1freebsd1threatpost1debiancve21ubuntucve21prion24cve24zdi5exploitpack1suse2seebug2checkpoint_advisories1packetstorm1exploitdb1