#VU33477 Information disclosure in WebKitGTK+ - CVE-2017-2365
Published: February 20, 2017 / Updated: February 10, 2026
Vulnerability identifier: #VU33477
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2017-2365
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
WebKitGTK+
WebKitGTK+
Software vendor:
WebKitGTK
WebKitGTK
Description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
Remediation
Install update from vendor's website.