SynopsisThe remote host has a web browser installed that is affected by multiple attack vectors.
DescriptionVersions of Safari prior to 10.1 are affected by multiple vulnerabilities :
- An unspecified state management flaw exists that may allow a context-dependent attacker to spoof the address bar. No further details have been provided. (CVE-2017-2376)
- An unspecified flaw exists in the handling of HTTP authentication. This may allow a context-dependent attacker to display authentication sheets on arbitrary web sites and cause a denial of service. (CVE-2017-2389)
Additional flaws exist in the following components :
- AutofFill (CVE-2017-2385)
- CoreGraphics (CVE-2017-2444)
- FaceTime (2017-2453)
- Kernel (CVE-2017-2490)
- Webkit (CVE-2017-2367, CVE-2017-2378, CVE-2017-2386, CVE-2017-2394, CVE-2017-2395, CVE-2017-2396, CVE-2017-2405, CVE-2017-2415, CVE-2017-2419, CVE-2017-2424, CVE-2017-2433, CVE-2017-2442, CVE-2017-2445, CVE-2017-2446, CVE-2017-2447, CVE-2017-2454, CVE-2017-2455, CVE-2017-2459, CVE-2017-2460, CVE-2017-2464, CVE-2017-2465, CVE-2017-2466, CVE-2017-2468, CVE-2017-2469, CVE-2017-2470, CVE-2017-2471, CVE-2017-2476, CVE-2017-2481)
SolutionUpgrade to Safari version 10.1 or later.