Home > Vulnerability Database > CVE-2017-7090

Mend.io Vulnerability Database

CVE-2017-7090

Date: October 22, 2017

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive cookie information via a custom URL scheme.

Severity Score

7.5

Related Resources (10)

Url: https://support.apple.com/HT208112

Url: https://support.apple.com/HT208113

Url: http://www.securitytracker.com/id/1039428

Url: https://support.apple.com/HT208141

Url: http://www.securityfocus.com/bid/100995

Url: https://support.apple.com/HT208142

Url: https://support.apple.com/HT208116

Url: http://www.securitytracker.com/id/1039384

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-7090

Url: https://www.mend.io/vulnerability-database/CVE-2017-7090

Severity Score

7.5

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-7090

Date: October 22, 2017

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?