Vulnerability Name: | CVE-2015-1126 (CCN-102123) |
Assigned: | 2015-04-08 |
Published: | 2015-04-08 |
Updated: | 2015-09-11 |
Summary: | WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.
|
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): None; Integrity (I): Low; Availability (A): None |
|
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.6 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C)
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Partial; Integrity (I): None; Availability (A): None |
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.6 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C)
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): None; Integrity (I): Partial; Availability (A): None |
|
Vulnerability Type: | CWE-20
|
Vulnerability Consequences: | Bypass Security |
References: | Source: MITRE Type: CNA CVE-2015-1126
Source: APPLE Type: Vendor Advisory APPLE-SA-2015-04-08-1
Source: APPLE Type: Vendor Advisory APPLE-SA-2015-04-08-3
Source: SECTRACK Type: UNKNOWN 1032047
Source: XF Type: UNKNOWN apple-safari-cve20151126-sec-bypass(102123)
Source: CCN Type: Packet Storm Security [04-12-2015] Safari Cross-Domain Hijacking
Source: CCN Type: Apple Web site About the security content of Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5
Source: CONFIRM Type: Vendor Advisory https://support.apple.com/HT204658
Source: CONFIRM Type: Vendor Advisory https://support.apple.com/HT204661
|
Vulnerable Configuration: | Configuration 1: cpe:/o:apple:iphone_os:*:*:*:*:*:*:*:* (Version <= 8.2)
Configuration 2: cpe:/a:apple:safari:*:*:*:*:*:*:*:* (Version <= 6.2.4)
OR cpe:/a:apple:safari:7.0:*:*:*:*:*:*:*
OR cpe:/a:apple:safari:7.0.1:*:*:*:*:*:*:*
OR cpe:/a:apple:safari:7.0.2:*:*:*:*:*:*:*
OR cpe:/a:apple:safari:7.0.3:*:*:*:*:*:*:*
OR cpe:/a:apple:safari:7.0.4:*:*:*:*:*:*:*
OR cpe:/a:apple:safari:7.0.5:*:*:*:*:*:*:*
OR cpe:/a:apple:safari:7.0.6:*:*:*:*:*:*:*
OR cpe:/a:apple:safari:7.1.0:*:*:*:*:*:*:*
OR cpe:/a:apple:safari:7.1.1:*:*:*:*:*:*:*
OR cpe:/a:apple:safari:7.1.2:*:*:*:*:*:*:*
OR cpe:/a:apple:safari:7.1.3:*:*:*:*:*:*:*
OR cpe:/a:apple:safari:7.1.4:*:*:*:*:*:*:*
OR cpe:/a:apple:safari:8.0.0:*:*:*:*:*:*:*
OR cpe:/a:apple:safari:8.0.1:*:*:*:*:*:*:*
OR cpe:/a:apple:safari:8.0.2:*:*:*:*:*:*:*
OR cpe:/a:apple:safari:8.0.3:*:*:*:*:*:*:*
OR cpe:/a:apple:safari:8.0.4:*:*:*:*:*:*:*
Configuration CCN 1: cpe:/a:apple:safari:6.0:*:*:*:*:*:*:*
OR cpe:/a:apple:safari:7.0:*:*:*:*:*:*:*
OR cpe:/a:apple:safari:8.0:*:*:*:*:*:*:*