1. Home
  2. CVE Database
  3. CVE-2017-7153
MEDIUM · 6.1

CVE-2017-7153

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected....

Vulnerability Description

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted web site that sends a 401 Unauthorized redirect.

CVSS Score

6.1

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
AppleSafari< 11.0.2
AppleIphone Os< 11.2
AppleTvos< 11.2
AppleWatchos< 4.2
AppleIcloud< 7.2
MicrosoftWindows-
AppleItunes< 12.7.2
CanonicalUbuntu Linux16.04

Related Weaknesses (CWE)

CWE-601

References

FAQ

What is CVE-2017-7153?

CVE-2017-7153 is a vulnerability with a CVSS score of 6.1 (MEDIUM). An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected....

How severe is CVE-2017-7153?

CVE-2017-7153 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-7153?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Safari, Apple Iphone Os, Apple Tvos, Apple Watchos, Apple Icloud.