HTTP: Apple Safari parameter name Use After Free

This signature detects attempts to exploit a use-after-free vulnerability in Apple's Safari. Successful exploitation could allow an attacker to execute arbitrary code in the application's context.

Extended Description

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856.

Affected Products

Apple iphone_os

Short Name
HTTP:STC:APPLE-SAFARI-PARAM-UAF
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
After Apple CVE-2016-1857 Free Safari Use name parameter
Release Date
05/18/2017
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
False Positive
Unknown
Vendors

Webkitgtk

Apple

CVSS Score

6.8
