| Vulnerability Name: | CVE-2015-7081 (CCN-108761) | ||||||||
| Assigned: | 2015-12-08 | ||||||||
| Published: | 2015-12-08 | ||||||||
| Updated: | 2017-09-13 | ||||||||
| Summary: | iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. <a href="https://cwe.mitre.org/data/definitions/611.html">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a> | ||||||||
| CVSS v3 Severity: | 4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) 3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2015-7081 Source: APPLE Type: Vendor Advisory APPLE-SA-2015-12-08-1 Source: APPLE Type: Vendor Advisory APPLE-SA-2015-12-08-3 Source: SECTRACK Type: UNKNOWN 1034344 Source: XF Type: UNKNOWN macosx-cve20157081-info-disc(108761) Source: CCN Type: Apple Web site About the security content of OS X El Capitan 10.11.2 and Security Update 2015-008 Source: CONFIRM Type: Vendor Advisory https://support.apple.com/HT205635 Source: CONFIRM Type: Vendor Advisory https://support.apple.com/HT205637 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||