CVE-2018-4117

Sažetak

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

Reference

http://www.securityfocus.com/bid/104887
http://www.securitytracker.com/id/1040604
https://access.redhat.com/errata/RHSA-2018:2282
https://security.gentoo.org/glsa/201808-01
https://security.gentoo.org/glsa/201808-04
https://support.apple.com/HT208693
https://support.apple.com/HT208694
https://support.apple.com/HT208695
https://support.apple.com/HT208696
https://support.apple.com/HT208697
https://usn.ubuntu.com/3635-1/
https://www.debian.org/security/2018/dsa-4256

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

09-11-2018 - 17:58

Objavljeno

03-04-2018 - 06:29