Vulnerability Description
Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number.
CVSS Score
5.4
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Safari | All versions |
| Apple | Iphone Os | <= 9.3.2 |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.htmlMailing List
- http://www.securityfocus.com/bid/91825
- http://www.securitytracker.com/id/1036344
- https://support.apple.com/HT206902Vendor Advisory
- http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.htmlMailing List
- http://www.securityfocus.com/bid/91825
- http://www.securitytracker.com/id/1036344
- https://support.apple.com/HT206902Vendor Advisory
FAQ
What is CVE-2016-4604?
CVE-2016-4604 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number.
How severe is CVE-2016-4604?
CVE-2016-4604 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-4604?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Safari, Apple Iphone Os.