ByteOS Network

NVD Vulnerability Details :

CVE-2018-4117

Analyzed

Source-product-security@apple.com

Published At-03 Apr, 2018 | 06:29

Updated At-09 Nov, 2018 | 17:58

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	6.5	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N

Type: Primary

Version: 3.0

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:P/I:N/A:N

CPE Matches

Apple Inc.

>>safari>>Versions before 11.1(exclusive)

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

Apple Inc.

>>iphone_os>>Versions before 11.3(exclusive)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Apple Inc.

>>watchos>>Versions before 4.3(exclusive)

cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Apple Inc.

>>icloud>>Versions before 7.4(exclusive)

cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*

Microsoft Corporation

>>windows>>-

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Apple Inc.

>>itunes>>Versions before 12.7.4(exclusive)

cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*

Microsoft Corporation

>>windows>>-

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

webkitgtk>>webkitgtk\+>>Versions before 2.20.4(exclusive)

cpe:2.3:a:webkitgtk:webkitgtk\+:*:*:*:*:*:*:*:*

Canonical Ltd.

>>ubuntu_linux>>16.04

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

Canonical Ltd.

>>ubuntu_linux>>17.10

cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>9.0

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_desktop>>6.0

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server>>6.0

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_workstation>>6.0

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-200	Primary	nvd@nist.gov

CWE ID: CWE-200

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/104887	product-security@apple.com	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040604	product-security@apple.com	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:2282	product-security@apple.com	Third Party Advisory
https://security.gentoo.org/glsa/201808-01	product-security@apple.com	Third Party Advisory
https://security.gentoo.org/glsa/201808-04	product-security@apple.com	Third Party Advisory
https://support.apple.com/HT208693	product-security@apple.com	Vendor Advisory
https://support.apple.com/HT208694	product-security@apple.com	Vendor Advisory
https://support.apple.com/HT208695	product-security@apple.com	Vendor Advisory
https://support.apple.com/HT208696	product-security@apple.com	Vendor Advisory
https://support.apple.com/HT208697	product-security@apple.com	Vendor Advisory
https://usn.ubuntu.com/3635-1/	product-security@apple.com	Third Party Advisory
https://www.debian.org/security/2018/dsa-4256	product-security@apple.com	Third Party Advisory