CVE-2016-6231

5.9MEDIUM

Key Information:

Vendor: Kaspersky
Status: Safe Browser
Vendor: CVE Published:; 25 August 2016

Summary

Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate.

References

http://www.info-sec.ca/advisories/Kaspersky-Safe-Browser....

x_refsource_MISC

http://www.securityfocus.com/bid/92200

vdb-entryx_refsource_BID

https://support.kaspersky.com/vulnerability.aspx?el=12430...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 25, 2016
Vulnerability Reserved
Jul 15, 2016