Information disclosure in WebKitGTK+ - CVE-2017-2363
Published: February 20, 2017 / Updated: February 10, 2026
Vulnerability identifier: #VU33475
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2017-2363
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: WebKitGTK
Affected software:
WebKitGTK+
WebKitGTK+
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
How to mitigate CVE-2017-2363
Install update from vendor's website.
Sources
- http://www.securityfocus.com/bid/95728
- http://www.securitytracker.com/id/1037668
- https://security.gentoo.org/glsa/201706-15
- https://support.apple.com/HT207482
- https://support.apple.com/HT207484
- https://support.apple.com/HT207485
- https://support.apple.com/HT207487
- https://www.exploit-db.com/exploits/41449/