| Vulnerability Name: | CVE-2015-5825 (CCN-106504) | ||||||||||||||||||||||||
| Assigned: | 2015-09-16 | ||||||||||||||||||||||||
| Published: | 2015-09-16 | ||||||||||||||||||||||||
| Updated: | 2016-12-22 | ||||||||||||||||||||||||
| Summary: | WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code. | ||||||||||||||||||||||||
| CVSS v3 Severity: | 4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) 3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
| ||||||||||||||||||||||||
| Vulnerability Type: | CWE-200 | ||||||||||||||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2015-5825 Source: APPLE Type: Vendor Advisory APPLE-SA-2015-09-16-1 Source: APPLE Type: Vendor Advisory APPLE-SA-2015-09-30-2 Source: SUSE Type: UNKNOWN openSUSE-SU-2016:0761 Source: BID Type: UNKNOWN 76766 Source: CCN Type: BID-76766 WebKit APPLE-SA-2015-09-16-1 Multiple Security Vulnerabilities Source: SECTRACK Type: UNKNOWN 1033609 Source: XF Type: UNKNOWN appleios-cve20155825-info-disc(106504) Source: CCN Type: Apple Web site About the security content of iOS 9 Source: CONFIRM Type: Vendor Advisory https://support.apple.com/HT205212 Source: CONFIRM Type: Vendor Advisory https://support.apple.com/HT205265 | ||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||