Vulnerability CVE-2015-3115

Vulnerability Name:

CVE-2015-3115 (CCN-104479)

Assigned:

2015-07-08

Published:

2015-07-08

Updated:

2017-09-22

Summary:

Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2014-0578, CVE-2015-3116, CVE-2015-3125, and CVE-2015-5116.

CVSS v3 Severity:

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Complete Availibility (A): None

4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-284

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2015-3115

Source: CCN
Type: Google Chrome Releases Web site
Android WebView Beta Update Android WebView Beta Update Android WebView Beta Update Android WebView Beta Update

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:1211

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:1214

Source: REDHAT
Type: UNKNOWN
RHSA-2015:1214

Source: BID
Type: UNKNOWN
75594

Source: CCN
Type: BID-75594
Adobe Flash Player and AIR Multiple Cross Domain Information Disclosure Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1032810

Source: XF
Type: UNKNOWN
adobe-flash-cve20153115-sec-bypass(104479)

Source: CCN
Type: Adobe Security Bulletin APSB15-16
Security updates available for Adobe Flash Player

Source: CONFIRM
Type: Patch, Vendor Advisory
https://helpx.adobe.com/security/products/flash-player/apsb15-16.html

Source: GENTOO
Type: UNKNOWN
GLSA-201507-13

Source: CCN
Type: Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-3115

Vulnerable Configuration:

Configuration 1:

cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version <= 11.2.202.468)

AND

cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version <= 13.0.0.289)

OR cpe:/a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:17.0.0.188:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:17.0.0.190:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:18.0.0.160:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:18.0.0.194:*:*:*:*:*:*:*

AND

cpe:/o:apple:mac_os_x:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:adobe:air:*:*:*:*:*:*:*:* (Version <= 18.0.0.144)

OR cpe:/a:adobe:air_sdk:*:*:*:*:*:*:*:* (Version <= 18.0.0.144)

OR cpe:/a:adobe:air_sdk_&_compiler:*:*:*:*:*:*:*:* (Version <= 18.0.0.144)

Configuration RedHat 1:

cpe:/a:redhat:rhel_extras:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:adobe:flash_player:18.0.0.194:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:18.0.0.194:*:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows_8:-:-:-:*:-:-:x32:*

OR cpe:/o:microsoft:windows_8:::~~~~x64~:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:*

OR cpe:/o:microsoft:windows_8.1:::~~~~x64~:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:55542	P	Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Moderate) (in QA)	2023-04-20
oval:org.opensuse.security:def:55533	P	Security update for the Linux Kernel (Important)	2023-04-18
oval:org.opensuse.security:def:20153115	V	CVE-2015-3115	2022-05-20
oval:org.opensuse.security:def:55994	P	Security update for libsndfile (Important)	2022-01-05
oval:org.opensuse.security:def:55316	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:56092	P	Security update for postgresql96 (Important)	2021-11-22
oval:org.opensuse.security:def:55261	P	Security update for qemu (Important)	2021-10-28
oval:org.opensuse.security:def:47181	P	xen-4.7.0_12-23.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47252	P	expat-2.1.0-20.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47086	P	libthai-data-0.1.25-4.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47890	P	squashfs-4.3-6.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46940	P	fontconfig-2.11.1-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47150	P	ruby-2.1-1.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47944	P	alsa-1.0.27.2-15.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47024	P	libgraphite2-3-1.3.1-6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:57487	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:55926	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:11235	P	Security update for roundcubemail (Important)	2021-07-02
oval:org.opensuse.security:def:55913	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:46579	P	stunnel-5.00-1.13 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12186	P	libasan2-32bit-5.3.1+r233831-12.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11303	P	fuse-2.9.3-3.65 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11459	P	socat-1.7.2.4-1.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46726	P	libgc1-7.2d-3.77 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11526	P	emacs-24.3-14.44 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12208	P	libgypsy0-0.9-6.24 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11350	P	libXxf86vm1-1.1.3-3.54 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11484	P	xorg-x11-server-7.6_1.15.2-12.17 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11535	P	freerdp-1.0.2-7.9 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11365	P	libgnomesu-1.0.0-352.84 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46488	P	libjavascriptcoregtk-3_0-0-2.2.7-3.26 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11548	P	gnome-shell-3.10.4-40.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11384	P	libopenssl1_0_0-1.0.1i-2.12 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11227	P	Security update for inn (Moderate)	2021-06-07
oval:org.opensuse.security:def:56018	P	Security update for python3 (Important)	2021-05-17
oval:org.opensuse.security:def:55875	P	Security update for MozillaFirefox (Important)	2021-03-31
oval:org.opensuse.security:def:57561	P	Security update for grub2 (Important)	2021-03-02
oval:org.opensuse.security:def:54688	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important)	2020-12-07
oval:org.opensuse.security:def:54687	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important)	2020-12-07
oval:org.opensuse.security:def:28863	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) (Important)	2020-12-07
oval:org.opensuse.security:def:46356	P	libslurm29-16.05.8.1-5.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:11257	P	python-pymongo-2.6.3-2.20 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:24346	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:24672	P	Security update for virglrenderer (Important)	2020-12-01
oval:org.opensuse.security:def:54471	P	fuse on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55044	P	xorg-x11-server on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55709	P	Security update for openssl (Important)	2020-12-01
oval:org.opensuse.security:def:54192	P	facter on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24336	P	Security update for openslp (Important)	2020-12-01
oval:org.opensuse.security:def:55088	P	cyrus-sasl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55818	P	Security update for ghostscript-library (Important)	2020-12-01
oval:org.opensuse.security:def:52831	P	Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:53514	P	Security update for ghostscript (Important)	2020-12-01
oval:org.opensuse.security:def:27964	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:46044	P	Security update for perl (Important)	2020-12-01
oval:org.opensuse.security:def:28167	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:28898	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:27243	P	mozilla-xulrunner192 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27574	P	trousers-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27911	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:46030	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:27734	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:28079	P	Security update for gcc43 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25103	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:27231	P	libzip1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24409	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:24755	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:54493	P	hardlink on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55150	P	iputils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53999	P	libXext6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55468	P	Security update for freetype2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:54470	P	ft2demos on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53069	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:53799	P	Security update for bluez (Moderate)	2020-12-01
oval:org.opensuse.security:def:28008	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:46164	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:28181	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:27307	P	tcpdump on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27658	P	Security update for quagga	2020-12-01
oval:org.opensuse.security:def:27460	P	libmpfr1-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27791	P	Security update for libgadu	2020-12-01
oval:org.opensuse.security:def:28128	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:25741	P	Security update for vino (Moderate)	2020-12-01
oval:org.opensuse.security:def:27232	P	log4net on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27448	P	libgnomesu-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24535	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:24905	P	Security update for wpa_supplicant (Moderate)	2020-12-01
oval:org.opensuse.security:def:56130	P	Security update for libXdmcp (Moderate)	2020-12-01
oval:org.opensuse.security:def:54633	P	mipv6d on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54073	P	libvirt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54710	P	xorg-x11-server on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55367	P	python3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52669	P	Security update for the Linux Kernel (Live Patch 5 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:53242	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:53907	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:28646	P	Security update for compat-openssl097g (Moderate)	2020-12-01
oval:org.opensuse.security:def:28225	P	Security update for libsndfile (Moderate)	2020-12-01
oval:org.opensuse.security:def:27435	P	libblkid-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27809	P	Security update for libqt4	2020-12-01
oval:org.opensuse.security:def:27524	P	openCryptoki on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27875	P	Security update for rubygem-activesupport	2020-12-01
oval:org.opensuse.security:def:25045	P	Security update for libcaca (Moderate)	2020-12-01
oval:org.opensuse.security:def:25776	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:55801	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:57270	P	Security update for Xen and libvirt	2020-12-01
oval:org.opensuse.security:def:27449	P	libgnutls-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24616	P	Recommended update for adcli, sssd (Moderate)	2020-12-01
oval:org.opensuse.security:def:24958	P	Security update for java-1_8_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:56211	P	Security update for file (Moderate)	2020-12-01
oval:org.opensuse.security:def:54871	P	libhogweed2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55601	P	Security update for spice (Moderate)	2020-12-01
oval:org.opensuse.security:def:54111	P	python-pyOpenSSL on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54850	P	libblkid1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52691	P	Security update for the Linux Kernel (Live Patch 6 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:53348	P	Security update for ovmf (Moderate)	2020-12-01
oval:org.opensuse.security:def:27950	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:28681	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:46031	P	Security update for krb5-appl (Important)	2020-12-01
oval:org.opensuse.security:def:52668	P	Security update for the Linux Kernel (Live Patch 2 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:27517	P	mozilla-nss-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27862	P	Security update for Python	2020-12-01
oval:org.opensuse.security:def:27652	P	Security update for mozilla-nspr, mozilla-nss	2020-12-01
oval:org.opensuse.security:def:28026	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:25059	P	Security update for apache2-mod_auth_openidc (Important)	2020-12-01
oval:org.opensuse.security:def:57344	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:79978	P	Security update for flash-player (Critical)	2015-07-09
oval:com.ubuntu.precise:def:20153115000	V	CVE-2015-3115 on Ubuntu 12.04 LTS (precise) - medium.	2015-07-09
oval:org.opensuse.security:def:80195	P	Security update for flash-player (Critical)	2015-07-09
oval:com.ubuntu.trusty:def:20153115000	V	CVE-2015-3115 on Ubuntu 14.04 LTS (trusty) - medium.	2015-07-09
oval:com.redhat.rhsa:def:20151214	P	RHSA-2015:1214: flash-plugin security update (Critical)	2015-07-08
oval:org.opensuse.security:def:78176	P	Security update for flash-player (Critical)	2015-07-08

BACK