CVE-2016-6231

Published: Aug 25, 2016Modified: May 6, 2026

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate.

Affected (1)

Products: Kaspersky: Safe Browser

Kaspersky

1 product

Safe Browser

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Kaspersky Safe Browser	Up to 1.6.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://seclists.org/fulldisclosure/2016/Aug/30

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.info-sec.ca/advisories/Kaspersky-Safe-Browser.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/archive/1/539071/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/92200

Source: cve@mitre.org

https://support.kaspersky.com/vulnerability.aspx?el=12430#280716

Source: cve@mitre.org

Third Party Advisory

http://seclists.org/fulldisclosure/2016/Aug/30