{ "id": "CVE-2017-2547", "sourceIdentifier": "product-security@apple.com", "published": "2017-05-22T05:29:02.473", "lastModified": "2017-08-13T01:29:19.773", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en ciertos productos de Apple. iOS versiones anteriores a 10.3.2 est\u00e1 afectado. Safari versiones anteriores a 10.1.1 est\u00e1 afectado. El problema involucra al componente \"WebKit\". Permite a los atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y bloqueo de aplicaci\u00f3n) por medio de un sitio web dise\u00f1ado." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" }, "exploitabilityScore": 2.8, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.8 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-119" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "versionEndIncluding": "10.1", "matchCriteriaId": "5AD72565-70D0-4922-83CB-BC3DEF5C9FA1" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndIncluding": "10.3.1", "matchCriteriaId": "7C1766D9-DF3D-4EDC-9DDB-7762815B85C6" } ] } ] } ], "references": [ { "url": "http://www.securityfocus.com/bid/98474", "source": "product-security@apple.com", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://www.securitytracker.com/id/1038487", "source": "product-security@apple.com" }, { "url": "https://security.gentoo.org/glsa/201706-15", "source": "product-security@apple.com" }, { "url": "https://support.apple.com/HT207798", "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ] }, { "url": "https://support.apple.com/HT207804", "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ] }, { "url": "https://www.exploit-db.com/exploits/42190/", "source": "product-security@apple.com" } ] }