Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

None

Attack Vector

Network

0

CVE-2016-4610

Disclosure Date: July 22, 2016 •

CVE-2016-4610 CVSS v3 Base Score: 9.8

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

9.8 Critical

Impact Score:

5.9

Exploitability Score:

3.9

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

apple,
debian,
fedoraproject,
xmlsoft

Products

debian linux 8.0,
fedora 30,
icloud,
itunes,
libxslt

References

Canonical

CVE-2016-4610 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4610)

BID-91826 (http://www.securityfocus.com/bid/91826)

Advisory

APPLE-SA-2016-07-18-4 (http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html)

APPLE-SA-2016-07-18-3 (http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html)

APPLE-SA-2016-07-18-2 (http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html)

https://support.apple.com/HT206901

APPLE-SA-2016-07-18-1 (http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html)

APPLE-SA-2016-07-18-6 (http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html)

https://support.apple.com/HT206905

SECTRACK-1036348 (http://www.securitytracker.com/id/1036348)

https://support.apple.com/HT206903

https://support.apple.com/HT206902

https://support.apple.com/HT206904

https://support.apple.com/HT206899

FEDORA-2019-320d5295fc (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA)

[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update (https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html)

Rapid7

Technical Analysis