CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
82.0%
An issue was discovered in certain Apple products. iOS before 10.3 is
affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The
issue involves the “WebKit” component. It allows remote attackers to
conduct Universal XSS (UXSS) attacks via crafted frame objects.
Author | Note |
---|---|
jdstrand | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 16.04 | noarch | webkit2gtk | < 2.16.1-0ubuntu0.16.04.1 | UNKNOWN |
ubuntu | 16.10 | noarch | webkit2gtk | < 2.16.1-0ubuntu0.16.10.1 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2017-2445
nvd.nist.gov/vuln/detail/CVE-2017-2445
security-tracker.debian.org/tracker/CVE-2017-2445
support.apple.com/HT207600
support.apple.com/HT207601
support.apple.com/HT207617
ubuntu.com/security/notices/USN-3257-1
www.cve.org/CVERecord?id=CVE-2017-2445
www.webkitgtk.org/security/WSA-2017-0003.html
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
82.0%