Vulnerability Details : CVE-2018-4117
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
Vulnerability category: Information leak
Products affected by CVE-2018-4117
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
- cpe:2.3:a:webkitgtk:webkitgtk\+:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-4117
- 0.25%: Probability of exploitation activity in the next 30 days
- ~65%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-4117
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | |
6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2018-4117
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-4117
- https://usn.ubuntu.com/3635-1/
  USN-3635-1: WebKitGTK+ vulnerabilities | Ubuntu security notices [Third Party Advisory]
- http://www.securitytracker.com/id/1040604
  Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code, Deny Service, and Spoof the User Interface, Remote and Local Users Bypass Security Restrictions and Obtain Potentially Sensitive Infor [Third Party Advisory; VDB Entry]
- http://www.securityfocus.com/bid/104887
  Google Chrome Prior to 68.0.3440.75 Multiple Security Vulnerabilities [Third Party Advisory; VDB Entry]
- https://support.apple.com/HT208697
  About the security content of iCloud for Windows 7.4 - Apple Support [Vendor Advisory]
- https://access.redhat.com/errata/RHSA-2018:2282
  RHSA-2018:2282 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://security.gentoo.org/glsa/201808-01
  Chromium, Google Chrome: Multiple vulnerabilities (GLSA 201808-01) — Gentoo security [Third Party Advisory]
- https://www.debian.org/security/2018/dsa-4256
  Debian -- Security Information -- DSA-4256-1 chromium-browser [Third Party Advisory]
- https://support.apple.com/HT208693
  About the security content of iOS 11.3 - Apple Support [Vendor Advisory]
- https://support.apple.com/HT208696
  About the security content of watchOS 4.3 - Apple Support [Vendor Advisory]
- https://support.apple.com/HT208695
  About the security content of Safari 11.1 - Apple Support [Vendor Advisory]
- https://security.gentoo.org/glsa/201808-04
  WebkitGTK+: Multiple vulnerabilities (GLSA 201808-04) — Gentoo security [Third Party Advisory]
- https://support.apple.com/HT208694
  About the security content of iTunes 12.7.4 for Windows - Apple Support [Vendor Advisory]