#VU33475 Information disclosure in WebKitGTK+ - CVE-2017-2363
Published: February 20, 2017 / Updated: February 10, 2026
Vulnerability identifier: #VU33475
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2017-2363
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
WebKitGTK+
WebKitGTK+
Software vendor:
WebKitGTK
WebKitGTK
Description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
Remediation
Install update from vendor's website.
External links
- http://www.securityfocus.com/bid/95728
- http://www.securitytracker.com/id/1037668
- https://security.gentoo.org/glsa/201706-15
- https://support.apple.com/HT207482
- https://support.apple.com/HT207484
- https://support.apple.com/HT207485
- https://support.apple.com/HT207487
- https://www.exploit-db.com/exploits/41449/