cvelistv5 - cve-2015-1126

CVE-2015-1126 (GCVE-0-2015-1126)

Vulnerability from cvelistv5 – Published: 2015-04-10 14:00 – Updated: 2024-08-06 04:33

Summary

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

Tags

	https://support.apple.com/HT204658	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.securitytracker.com/id/1032047	vdb-entryx_refsource_SECTRACK
	https://support.apple.com/HT204661	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:33:20.701Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT204658"
          },
          {
            "name": "APPLE-SA-2015-04-08-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
          },
          {
            "name": "APPLE-SA-2015-04-08-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html"
          },
          {
            "name": "1032047",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032047"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT204661"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-04-13T14:57:00",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT204658"
        },
        {
          "name": "APPLE-SA-2015-04-08-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
        },
        {
          "name": "APPLE-SA-2015-04-08-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html"
        },
        {
          "name": "1032047",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032047"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT204661"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2015-1126",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT204658",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT204658"
            },
            {
              "name": "APPLE-SA-2015-04-08-3",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
            },
            {
              "name": "APPLE-SA-2015-04-08-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html"
            },
            {
              "name": "1032047",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032047"
            },
            {
              "name": "https://support.apple.com/HT204661",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT204661"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2015-1126",
    "datePublished": "2015-04-10T14:00:00",
    "dateReserved": "2015-01-16T00:00:00",
    "dateUpdated": "2024-08-06T04:33:20.701Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"8.2\", \"matchCriteriaId\": \"C0340315-35F7-4736-854B-852916D00673\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.2.4\", \"matchCriteriaId\": \"E082F5D0-4261-4D84-8E4C-9D425028BFDA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88D46FE5-10D2-44A0-ACAE-CEED8BD0C30C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"391B4255-4434-4EB3-929B-3E593D9CD249\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"40B87D10-55B3-42E7-8FF6-93EDF003337D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D4EBCD8-9DD5-468E-8B5B-49E38FEBCEC2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B8C7AEC-F54A-4843-A0EA-C7DD847BEF5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49457917-495E-4D17-A0AB-D2A163D4721D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8CCADCE6-92F3-4A30-AA29-4E3394C1A3CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E74D3F4B-111E-4F51-ACB4-6725C4BF8DB6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:7.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"223B13DA-9328-46C2-8426-3182D55E6669\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:7.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD636DF3-E590-4603-9D18-CC2375A97750\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:7.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A0F8336F-D0F8-4337-9DF6-51B60F8A2E9B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:7.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79C2EF49-A9F0-4612-903A-A3A95805277E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:8.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"845A67F0-7BE6-482C-AE49-D8E9B272BA6C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:8.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB1C61F7-BAF4-4061-8B1A-D7F8D597F2D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:8.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A5C7D83-EA9E-4E26-910D-8471252723EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:8.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE29EE2D-9EA8-4486-BC3F-B0CCF9C396F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:8.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7FDB5E2A-F3BD-4500-922E-A191C45DE93C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"WebKit, utilizado en Apple iOS anterior a 8.3 y Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5, no maneja correctamente el campo userinfo en las URLs FTP, lo que permite a atacantes remotos provocar el acceso a recursos incorrecto a trav\\u00e9s de vectores no especificados.\"}]",
      "id": "CVE-2015-1126",
      "lastModified": "2024-11-21T02:24:43.833",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2015-04-10T14:59:39.713",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1032047\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://support.apple.com/HT204658\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT204661\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1032047\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/HT204658\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT204661\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-1126\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2015-04-10T14:59:39.713\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"WebKit, utilizado en Apple iOS anterior a 8.3 y Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5, no maneja correctamente el campo userinfo en las URLs FTP, lo que permite a atacantes remotos provocar el acceso a recursos incorrecto a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.2\",\"matchCriteriaId\":\"C0340315-35F7-4736-854B-852916D00673\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.2.4\",\"matchCriteriaId\":\"E082F5D0-4261-4D84-8E4C-9D425028BFDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88D46FE5-10D2-44A0-ACAE-CEED8BD0C30C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"391B4255-4434-4EB3-929B-3E593D9CD249\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40B87D10-55B3-42E7-8FF6-93EDF003337D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D4EBCD8-9DD5-468E-8B5B-49E38FEBCEC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B8C7AEC-F54A-4843-A0EA-C7DD847BEF5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49457917-495E-4D17-A0AB-D2A163D4721D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CCADCE6-92F3-4A30-AA29-4E3394C1A3CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E74D3F4B-111E-4F51-ACB4-6725C4BF8DB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"223B13DA-9328-46C2-8426-3182D55E6669\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:7.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD636DF3-E590-4603-9D18-CC2375A97750\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:7.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0F8336F-D0F8-4337-9DF6-51B60F8A2E9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:7.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79C2EF49-A9F0-4612-903A-A3A95805277E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:8.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"845A67F0-7BE6-482C-AE49-D8E9B272BA6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:8.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB1C61F7-BAF4-4061-8B1A-D7F8D597F2D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:8.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A5C7D83-EA9E-4E26-910D-8471252723EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:8.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE29EE2D-9EA8-4486-BC3F-B0CCF9C396F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:8.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FDB5E2A-F3BD-4500-922E-A191C45DE93C\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1032047\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/HT204658\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT204661\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1032047\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT204658\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT204661\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2015-AVI-147

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple iOS versions antérieures à 8.3
Apple	N/A	Apple TV versions antérieures à 7.2
Apple	N/A	Apple Xcode versions antérieures à 6.3

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT204662 du 08 avril 2015	None	vendor-advisory
Bulletin de sécurité Apple HT204661 du 08 avril 2015	None	vendor-advisory
Bulletin de sécurité Apple HT204663 du 08 avril 2015	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple iOS versions ant\u00e9rieures \u00e0 8.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple TV versions ant\u00e9rieures \u00e0 7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Xcode versions ant\u00e9rieures \u00e0 6.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-1076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1076"
    },
    {
      "name": "CVE-2015-1126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1126"
    },
    {
      "name": "CVE-2015-1073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1073"
    },
    {
      "name": "CVE-2015-1095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1095"
    },
    {
      "name": "CVE-2015-1098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1098"
    },
    {
      "name": "CVE-2015-1125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1125"
    },
    {
      "name": "CVE-2015-1115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1115"
    },
    {
      "name": "CVE-2015-1084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1084"
    },
    {
      "name": "CVE-2015-1092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1092"
    },
    {
      "name": "CVE-2015-1107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1107"
    },
    {
      "name": "CVE-2015-1122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1122"
    },
    {
      "name": "CVE-2015-1117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1117"
    },
    {
      "name": "CVE-2015-1078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1078"
    },
    {
      "name": "CVE-2015-1096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1096"
    },
    {
      "name": "CVE-2015-1104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1104"
    },
    {
      "name": "CVE-2015-1105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1105"
    },
    {
      "name": "CVE-2015-1103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1103"
    },
    {
      "name": "CVE-2015-1106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1106"
    },
    {
      "name": "CVE-2015-1074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1074"
    },
    {
      "name": "CVE-2015-1070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1070"
    },
    {
      "name": "CVE-2015-1113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1113"
    },
    {
      "name": "CVE-2015-1077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1077"
    },
    {
      "name": "CVE-2015-1093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1093"
    },
    {
      "name": "CVE-2015-1102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1102"
    },
    {
      "name": "CVE-2015-1118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1118"
    },
    {
      "name": "CVE-2015-1085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1085"
    },
    {
      "name": "CVE-2015-1081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1081"
    },
    {
      "name": "CVE-2015-1079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1079"
    },
    {
      "name": "CVE-2015-1091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1091"
    },
    {
      "name": "CVE-2015-1068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1068"
    },
    {
      "name": "CVE-2015-1120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1120"
    },
    {
      "name": "CVE-2015-1082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1082"
    },
    {
      "name": "CVE-2015-1100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1100"
    },
    {
      "name": "CVE-2015-1097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1097"
    },
    {
      "name": "CVE-2015-1087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1087"
    },
    {
      "name": "CVE-2015-1088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1088"
    },
    {
      "name": "CVE-2015-1094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1094"
    },
    {
      "name": "CVE-2015-1071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1071"
    },
    {
      "name": "CVE-2015-1099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1099"
    },
    {
      "name": "CVE-2015-1072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1072"
    },
    {
      "name": "CVE-2015-1101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1101"
    },
    {
      "name": "CVE-2015-1090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1090"
    },
    {
      "name": "CVE-2015-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1089"
    },
    {
      "name": "CVE-2015-1080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1080"
    },
    {
      "name": "CVE-2015-1112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1112"
    },
    {
      "name": "CVE-2015-1119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1119"
    },
    {
      "name": "CVE-2015-1110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1110"
    },
    {
      "name": "CVE-2015-1111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1111"
    },
    {
      "name": "CVE-2015-1124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1124"
    },
    {
      "name": "CVE-2015-1086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1086"
    },
    {
      "name": "CVE-2015-1121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1121"
    },
    {
      "name": "CVE-2015-1108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1108"
    },
    {
      "name": "CVE-2015-1123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1123"
    },
    {
      "name": "CVE-2015-1149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1149"
    },
    {
      "name": "CVE-2015-1116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1116"
    },
    {
      "name": "CVE-2015-1083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1083"
    },
    {
      "name": "CVE-2015-1109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1109"
    },
    {
      "name": "CVE-2015-1114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1114"
    },
    {
      "name": "CVE-2015-1069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1069"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-147",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-04-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eApple\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une\nex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT204662 du 08 avril 2015",
      "url": "https://support.apple.com/en-us/HT204662"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT204661 du 08 avril 2015",
      "url": "https://support.apple.com/en-us/HT204661"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT204663 du 08 avril 2015",
      "url": "https://support.apple.com/en-us/HT204663"
    }
  ]
}

CERTFR-2015-AVI-147

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple iOS versions antérieures à 8.3
Apple	N/A	Apple TV versions antérieures à 7.2
Apple	N/A	Apple Xcode versions antérieures à 6.3

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT204662 du 08 avril 2015	None	vendor-advisory
Bulletin de sécurité Apple HT204661 du 08 avril 2015	None	vendor-advisory
Bulletin de sécurité Apple HT204663 du 08 avril 2015	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple iOS versions ant\u00e9rieures \u00e0 8.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple TV versions ant\u00e9rieures \u00e0 7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Xcode versions ant\u00e9rieures \u00e0 6.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-1076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1076"
    },
    {
      "name": "CVE-2015-1126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1126"
    },
    {
      "name": "CVE-2015-1073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1073"
    },
    {
      "name": "CVE-2015-1095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1095"
    },
    {
      "name": "CVE-2015-1098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1098"
    },
    {
      "name": "CVE-2015-1125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1125"
    },
    {
      "name": "CVE-2015-1115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1115"
    },
    {
      "name": "CVE-2015-1084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1084"
    },
    {
      "name": "CVE-2015-1092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1092"
    },
    {
      "name": "CVE-2015-1107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1107"
    },
    {
      "name": "CVE-2015-1122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1122"
    },
    {
      "name": "CVE-2015-1117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1117"
    },
    {
      "name": "CVE-2015-1078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1078"
    },
    {
      "name": "CVE-2015-1096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1096"
    },
    {
      "name": "CVE-2015-1104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1104"
    },
    {
      "name": "CVE-2015-1105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1105"
    },
    {
      "name": "CVE-2015-1103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1103"
    },
    {
      "name": "CVE-2015-1106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1106"
    },
    {
      "name": "CVE-2015-1074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1074"
    },
    {
      "name": "CVE-2015-1070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1070"
    },
    {
      "name": "CVE-2015-1113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1113"
    },
    {
      "name": "CVE-2015-1077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1077"
    },
    {
      "name": "CVE-2015-1093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1093"
    },
    {
      "name": "CVE-2015-1102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1102"
    },
    {
      "name": "CVE-2015-1118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1118"
    },
    {
      "name": "CVE-2015-1085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1085"
    },
    {
      "name": "CVE-2015-1081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1081"
    },
    {
      "name": "CVE-2015-1079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1079"
    },
    {
      "name": "CVE-2015-1091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1091"
    },
    {
      "name": "CVE-2015-1068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1068"
    },
    {
      "name": "CVE-2015-1120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1120"
    },
    {
      "name": "CVE-2015-1082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1082"
    },
    {
      "name": "CVE-2015-1100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1100"
    },
    {
      "name": "CVE-2015-1097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1097"
    },
    {
      "name": "CVE-2015-1087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1087"
    },
    {
      "name": "CVE-2015-1088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1088"
    },
    {
      "name": "CVE-2015-1094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1094"
    },
    {
      "name": "CVE-2015-1071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1071"
    },
    {
      "name": "CVE-2015-1099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1099"
    },
    {
      "name": "CVE-2015-1072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1072"
    },
    {
      "name": "CVE-2015-1101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1101"
    },
    {
      "name": "CVE-2015-1090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1090"
    },
    {
      "name": "CVE-2015-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1089"
    },
    {
      "name": "CVE-2015-1080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1080"
    },
    {
      "name": "CVE-2015-1112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1112"
    },
    {
      "name": "CVE-2015-1119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1119"
    },
    {
      "name": "CVE-2015-1110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1110"
    },
    {
      "name": "CVE-2015-1111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1111"
    },
    {
      "name": "CVE-2015-1124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1124"
    },
    {
      "name": "CVE-2015-1086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1086"
    },
    {
      "name": "CVE-2015-1121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1121"
    },
    {
      "name": "CVE-2015-1108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1108"
    },
    {
      "name": "CVE-2015-1123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1123"
    },
    {
      "name": "CVE-2015-1149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1149"
    },
    {
      "name": "CVE-2015-1116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1116"
    },
    {
      "name": "CVE-2015-1083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1083"
    },
    {
      "name": "CVE-2015-1109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1109"
    },
    {
      "name": "CVE-2015-1114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1114"
    },
    {
      "name": "CVE-2015-1069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1069"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-147",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-04-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eApple\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une\nex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT204662 du 08 avril 2015",
      "url": "https://support.apple.com/en-us/HT204662"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT204661 du 08 avril 2015",
      "url": "https://support.apple.com/en-us/HT204661"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT204663 du 08 avril 2015",
      "url": "https://support.apple.com/en-us/HT204663"
    }
  ]
}

CERTFR-2015-AVI-141

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Apple Safari. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	Safari	Safari 6.2.5
Apple	Safari	Safari 7.1.5
Apple	Safari	Safari 8.0.5

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT204658 du 09 avril 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Safari 6.2.5",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari 7.1.5",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari 8.0.5",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-1126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1126"
    },
    {
      "name": "CVE-2015-1122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1122"
    },
    {
      "name": "CVE-2015-1129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1129"
    },
    {
      "name": "CVE-2015-1120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1120"
    },
    {
      "name": "CVE-2015-1128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1128"
    },
    {
      "name": "CVE-2015-1127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1127"
    },
    {
      "name": "CVE-2015-1112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1112"
    },
    {
      "name": "CVE-2015-1119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1119"
    },
    {
      "name": "CVE-2015-1124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1124"
    },
    {
      "name": "CVE-2015-1121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1121"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-141",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-04-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple Safari\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Safari",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT204658 du 09 avril 2015",
      "url": "https://support.apple.com/en-us/HT204658"
    }
  ]
}

CERTFR-2015-AVI-141

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	Safari	Safari 6.2.5
Apple	Safari	Safari 7.1.5
Apple	Safari	Safari 8.0.5

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT204658 du 09 avril 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Safari 6.2.5",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari 7.1.5",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari 8.0.5",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-1126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1126"
    },
    {
      "name": "CVE-2015-1122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1122"
    },
    {
      "name": "CVE-2015-1129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1129"
    },
    {
      "name": "CVE-2015-1120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1120"
    },
    {
      "name": "CVE-2015-1128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1128"
    },
    {
      "name": "CVE-2015-1127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1127"
    },
    {
      "name": "CVE-2015-1112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1112"
    },
    {
      "name": "CVE-2015-1119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1119"
    },
    {
      "name": "CVE-2015-1124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1124"
    },
    {
      "name": "CVE-2015-1121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1121"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-141",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-04-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple Safari\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Safari",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT204658 du 09 avril 2015",
      "url": "https://support.apple.com/en-us/HT204658"
    }
  ]
}

VAR-201504-0144

Vulnerability from variot - Updated: 2023-12-18 11:13

WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors. Apple iOS and Apple Safari Used in etc. WebKit Is FTP URL of userinfo A vulnerability exists that could lead to unauthorized access to resources due to improper handling of fields.A third party may be able to trigger access to unauthorized resources. WebKit is prone to a security bypass vulnerability. Attackers can exploit this issue to bypass security restrictions; other attacks are also possible. Apple iOS is an operating system developed for mobile devices; Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A remote attacker could use a specially crafted Web site to exploit this vulnerability to access restricted resources. The following products and versions are affected: Apple iOS 8.2 and earlier, Apple Safari 6.2.4 and earlier, 7.x before 7.1.5, and 8.x before 8.0.5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2015-04-08-1 Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5

Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 are now available and address the following:

Safari Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 Impact: Users may be tracked by malicious websites using client certificates Description: An issue existed in Safari's client certificate matching for SSL authentication. This issue was addressed by improved matching of valid client certificates. CVE-ID CVE-2015-1129 : Stefan Kraus of fluid Operations AG, Sylvain Munaut of Whatever s.a.

Safari Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 Impact: Notifications preferences may reveal users' browsing history in private browsing mode Description: Responding to push notification requests in private browsing mode revealed users' browsing history. This issue was addressed by disabling push notification prompts in private browsing mode. CVE-ID CVE-2015-1128 : Joseph Winn of Credit Union Geek

Safari Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 Impact: Users' browsing history may not be completely purged Description: A state management issue existed in Safari that resulted in users' browsing history not being purged from history.plist. This issue was addressed by improved state management. CVE-ID CVE-2015-1112 : William Breuer, The Netherlands

WebKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-1119 : Renata Hodovan of University of Szeged / Samsung Electronics CVE-2015-1120 : Apple CVE-2015-1121 : Apple CVE-2015-1122 : Apple CVE-2015-1124 : Apple

WebKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 Impact: Users' browsing history in private mode may be indexed Description: A state management issue existed in Safari that inadvertently indexed users' browsing history when in private browsing mode. This issue was addressed by improved state management. CVE-ID CVE-2015-1127 : Tyler C

WebKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 Impact: Visiting a maliciously crafted website may lead to resources of another origin being accessed Description: An issue existed in WebKit's credential handling for FTP URLs. This issue was addressed by improved URL decoding. CVE-ID CVE-2015-1126 : Jouko Pynnonen of Klikki Oy

Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJVJG6MAAoJEBcWfLTuOo7tL3cP/RVZlw3sp/ze1r1hSxcezN/Z w/uAPiqzud607Aqqwsg1YI4WzqCoIVLEb6N40eNGn7aTFkgOrBlYhsxTNHNnx2cM 3/HkDKMZo0bhO/fIqa9YfyG/KbgFKQMM0/eECNccEkQp6/DLHLJIwS0+QW0oBZ9q m9bBNTHFQxvJA9or3cn/eFV1zWVvr5RjpwR595tzWpYLIbIqTX901VAbBMOKvqtl 8b5NMmLNoEmfKGWWRqa5RmguFNnnANi3m+6PgU6fNU82dm8mif+ONDhDeyC43MH0 cxeeKZcWBGdYel9C/ctSF9SsnKhqAukIMoMppYLLL8AFHBPd504w1oXoS6UiE/go GrCXwzyxOklGQriyeMS/nsSn+AryJzQP3hXgWjAd8HuSIKCff9iaZBk5OxjK1Cwi k0zSx0qDJAHo1nlUhawYjQVhD7QEtkV7QO6hb4W22h5r/0MJGNuPsh9Mw2u6gIW6 l+p2x3D64xjfh+EclWerMhN+tqBR3RokkdkvNxhStdsz6dkA21ynaHMiaYN3lff7 DDINEP6dDiLi8AGP9P9pjYl3wMVgVTyFgMGL7cUMx8GIrm4pp8YAkhj2yWOM/ns0 Mycgrf+h0tFZYTvvojWlyo4rqx9J8te7dEiHjmg8l0OrOHXzmqQhDwOIWbH8fIGO CfE7FxlOHEHgzh+bzKvG =Df4l -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201504-0144",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "8.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "7.1.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "8.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "8.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "7.1.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "8.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "8.0.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "7.0.6"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "7.0.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "safari",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.2.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.1.0"
      },
      {
        "model": "iphone os",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "6.2.4"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.3   (ipad 2 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.3   (iphone 4s or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.3   (ipod touch first  5 after generation )"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "6.2.5   (os x mavericks v10.9.5)"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "6.2.5   (os x mountain lion v10.8.5)"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "6.2.5   (os x yosemite v10.10.2)"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.1.5   (os x mavericks v10.9.5)"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.1.5   (os x mountain lion v10.8.5)"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.1.5   (os x yosemite v10.10.2)"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.0.5   (os x mavericks v10.9.5)"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.0.5   (os x mountain lion v10.8.5)"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.0.5   (os x yosemite v10.10.2)"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "model": "safari",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.31"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.3"
      },
      {
        "model": "safari",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.6"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.6"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.7"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "model": "safari",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.34"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.52"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.31"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.28"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.1"
      },
      {
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.33"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.30"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.10"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "73977"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002155"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1126"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-151"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:8.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:8.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:8.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:8.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:8.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1126"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jouko Pynnonen of Klikki Oy",
    "sources": [
      {
        "db": "BID",
        "id": "73977"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-1126",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-1126",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-79086",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-1126",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201504-151",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-79086",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79086"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002155"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1126"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-151"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors. Apple iOS and Apple Safari Used in etc. WebKit Is FTP URL of userinfo A vulnerability exists that could lead to unauthorized access to resources due to improper handling of fields.A third party may be able to trigger access to unauthorized resources. WebKit is prone to a security bypass vulnerability. \nAttackers can exploit this issue to bypass security restrictions; other attacks are also possible. Apple iOS is an operating system developed for mobile devices; Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A remote attacker could use a specially crafted Web site to exploit this vulnerability to access restricted resources. The following products and versions are affected: Apple iOS 8.2 and earlier, Apple Safari 6.2.4 and earlier, 7.x before 7.1.5, and 8.x before 8.0.5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2015-04-08-1 Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5\n\nSafari 8.0.5, Safari 7.1.5, and Safari 6.2.5 are now available and\naddress the following:\n\nSafari\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nand OS X Yosemite v10.10.2\nImpact:  Users may be tracked by malicious websites using client\ncertificates\nDescription:  An issue existed in Safari\u0027s client certificate\nmatching for SSL authentication. This issue was addressed by improved\nmatching of valid client certificates. \nCVE-ID\nCVE-2015-1129 : Stefan Kraus of fluid Operations AG, Sylvain Munaut\nof Whatever s.a. \n\nSafari\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nand OS X Yosemite v10.10.2\nImpact:  Notifications preferences may reveal users\u0027 browsing history\nin private browsing mode\nDescription:  Responding to push notification requests in private\nbrowsing mode revealed users\u0027 browsing history. This issue was\naddressed by disabling push notification prompts in private browsing\nmode. \nCVE-ID\nCVE-2015-1128 : Joseph Winn of Credit Union Geek\n\nSafari\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nand OS X Yosemite v10.10.2\nImpact:  Users\u0027 browsing history may not be completely purged\nDescription:  A state management issue existed in Safari that\nresulted in users\u0027 browsing history not being purged from\nhistory.plist. This issue was addressed by improved state management. \nCVE-ID\nCVE-2015-1112 : William Breuer, The Netherlands\n\nWebKit\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nand OS X Yosemite v10.10.2\nImpact:  Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  Multiple memory corruption issues existed in WebKit. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-1119 : Renata Hodovan of University of Szeged / Samsung\nElectronics\nCVE-2015-1120 : Apple\nCVE-2015-1121 : Apple\nCVE-2015-1122 : Apple\nCVE-2015-1124 : Apple\n\nWebKit\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nand OS X Yosemite v10.10.2\nImpact:  Users\u0027 browsing history in private mode may be indexed\nDescription:  A state management issue existed in Safari that\ninadvertently indexed users\u0027 browsing history when in private\nbrowsing mode. This issue was addressed by improved state management. \nCVE-ID\nCVE-2015-1127 : Tyler C\n\nWebKit\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nand OS X Yosemite v10.10.2\nImpact:  Visiting a maliciously crafted website may lead to resources\nof another origin being accessed\nDescription:  An issue existed in WebKit\u0027s credential handling for\nFTP URLs. This issue was addressed by improved URL decoding. \nCVE-ID\nCVE-2015-1126 : Jouko Pynnonen of Klikki Oy\n\nSafari 8.0.5, Safari 7.1.5, and Safari 6.2.5 may be obtained from\nthe Mac App Store. \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJVJG6MAAoJEBcWfLTuOo7tL3cP/RVZlw3sp/ze1r1hSxcezN/Z\nw/uAPiqzud607Aqqwsg1YI4WzqCoIVLEb6N40eNGn7aTFkgOrBlYhsxTNHNnx2cM\n3/HkDKMZo0bhO/fIqa9YfyG/KbgFKQMM0/eECNccEkQp6/DLHLJIwS0+QW0oBZ9q\nm9bBNTHFQxvJA9or3cn/eFV1zWVvr5RjpwR595tzWpYLIbIqTX901VAbBMOKvqtl\n8b5NMmLNoEmfKGWWRqa5RmguFNnnANi3m+6PgU6fNU82dm8mif+ONDhDeyC43MH0\ncxeeKZcWBGdYel9C/ctSF9SsnKhqAukIMoMppYLLL8AFHBPd504w1oXoS6UiE/go\nGrCXwzyxOklGQriyeMS/nsSn+AryJzQP3hXgWjAd8HuSIKCff9iaZBk5OxjK1Cwi\nk0zSx0qDJAHo1nlUhawYjQVhD7QEtkV7QO6hb4W22h5r/0MJGNuPsh9Mw2u6gIW6\nl+p2x3D64xjfh+EclWerMhN+tqBR3RokkdkvNxhStdsz6dkA21ynaHMiaYN3lff7\nDDINEP6dDiLi8AGP9P9pjYl3wMVgVTyFgMGL7cUMx8GIrm4pp8YAkhj2yWOM/ns0\nMycgrf+h0tFZYTvvojWlyo4rqx9J8te7dEiHjmg8l0OrOHXzmqQhDwOIWbH8fIGO\nCfE7FxlOHEHgzh+bzKvG\n=Df4l\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1126"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002155"
      },
      {
        "db": "BID",
        "id": "73977"
      },
      {
        "db": "VULHUB",
        "id": "VHN-79086"
      },
      {
        "db": "PACKETSTORM",
        "id": "131358"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-1126",
        "trust": 2.9
      },
      {
        "db": "SECTRACK",
        "id": "1032047",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU91828320",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002155",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-151",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "73977",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-79086",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131358",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79086"
      },
      {
        "db": "BID",
        "id": "73977"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002155"
      },
      {
        "db": "PACKETSTORM",
        "id": "131358"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1126"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-151"
      }
    ]
  },
  "id": "VAR-201504-0144",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79086"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:13:37.765000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-04-08-1 Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00000.html"
      },
      {
        "title": "APPLE-SA-2015-04-08-3 iOS 8.3",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00002.html"
      },
      {
        "title": "HT204658",
        "trust": 0.8,
        "url": "http://support.apple.com/en-us/ht204658"
      },
      {
        "title": "HT204661",
        "trust": 0.8,
        "url": "http://support.apple.com/en-us/ht204661"
      },
      {
        "title": "HT204658",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht204658"
      },
      {
        "title": "HT204661",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht204661"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002155"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79086"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002155"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1126"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00002.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht204658"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht204661"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1032047"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1126"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91828320/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1126"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ios/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/safari/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.3,
        "url": "http://www.webkit.org/"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-us/ht204661"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1127"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1122"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1120"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1121"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1112"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1119"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1124"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1128"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1126"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1129"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79086"
      },
      {
        "db": "BID",
        "id": "73977"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002155"
      },
      {
        "db": "PACKETSTORM",
        "id": "131358"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1126"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-151"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-79086"
      },
      {
        "db": "BID",
        "id": "73977"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002155"
      },
      {
        "db": "PACKETSTORM",
        "id": "131358"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1126"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-151"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-04-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-79086"
      },
      {
        "date": "2015-04-08T00:00:00",
        "db": "BID",
        "id": "73977"
      },
      {
        "date": "2015-04-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002155"
      },
      {
        "date": "2015-04-09T16:23:44",
        "db": "PACKETSTORM",
        "id": "131358"
      },
      {
        "date": "2015-04-10T14:59:39.713000",
        "db": "NVD",
        "id": "CVE-2015-1126"
      },
      {
        "date": "2015-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201504-151"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-09-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-79086"
      },
      {
        "date": "2015-04-08T00:00:00",
        "db": "BID",
        "id": "73977"
      },
      {
        "date": "2015-04-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002155"
      },
      {
        "date": "2015-09-11T17:57:26.173000",
        "db": "NVD",
        "id": "CVE-2015-1126"
      },
      {
        "date": "2015-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201504-151"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-151"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iOS and  Apple Safari Used in etc.  WebKit Vulnerable to access to unauthorized resources",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002155"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-151"
      }
    ],
    "trust": 0.6
  }
}

GHSA-R4C3-86WX-HVPP

Vulnerability from github – Published: 2022-05-17 04:07 – Updated: 2022-05-17 04:07

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-1126"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-04-10T14:59:00Z",
    "severity": "MODERATE"
  },
  "details": "WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.",
  "id": "GHSA-r4c3-86wx-hvpp",
  "modified": "2022-05-17T04:07:43Z",
  "published": "2022-05-17T04:07:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1126"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT204658"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT204661"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032047"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2015-02347

Vulnerability from cnvd - Published: 2015-04-13

Title

Apple Safari不正确处理FTP URL验证凭据漏洞

Description

Apple Safari是一款流行的WEB浏览器。 Apple Safari未能正确处理FTP URL验证凭据漏洞，允许攻击者利用漏洞访问其他受限资源。

Severity

中

Patch Name

Apple Safari不正确处理FTP URL验证凭据漏洞的补丁

Patch Description

Apple Safari是一款流行的WEB浏览器。Apple Safari未能正确处理FTP URL验证凭据漏洞，允许攻击者利用漏洞访问其他受限资源。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前Apple Safari 8.0.5, Safari 7.1.5和Safari 6.2.5已经修复了此安全问题，建议用户到厂商主页下载使用： https://www.apple.com

Reference

https://support.apple.com/en-us/HT204658

Impacted products

Name
['Apple OS X Mountain Lion v10.8.5', 'Apple OS X Mavericks v10.9.5', 'Apple OS X Yosemite v10.10.2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-1126"
    }
  },
  "description": "Apple Safari\u662f\u4e00\u6b3e\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\u3002\r\n\r\nApple Safari\u672a\u80fd\u6b63\u786e\u5904\u7406FTP URL\u9a8c\u8bc1\u51ed\u636e\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u8bbf\u95ee\u5176\u4ed6\u53d7\u9650\u8d44\u6e90\u3002",
  "discovererName": "JoukoPynnonen of Klikki Oy",
  "formalWay": "\u76ee\u524dApple Safari 8.0.5, Safari 7.1.5\u548cSafari 6.2.5\u5df2\u7ecf\u4fee\u590d\u4e86\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u7528\u6237\u5230\u5382\u5546\u4e3b\u9875\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttps://www.apple.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-02347",
  "openTime": "2015-04-13",
  "patchDescription": "Apple Safari\u662f\u4e00\u6b3e\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\u3002Apple Safari\u672a\u80fd\u6b63\u786e\u5904\u7406FTP URL\u9a8c\u8bc1\u51ed\u636e\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u8bbf\u95ee\u5176\u4ed6\u53d7\u9650\u8d44\u6e90\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple Safari\u4e0d\u6b63\u786e\u5904\u7406FTP URL\u9a8c\u8bc1\u51ed\u636e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple OS X Mountain Lion v10.8.5",
      "Apple OS X Mavericks v10.9.5",
      "Apple OS X Yosemite v10.10.2"
    ]
  },
  "referenceLink": "https://support.apple.com/en-us/HT204658",
  "serverity": "\u4e2d",
  "submitTime": "2015-04-10",
  "title": "Apple Safari\u4e0d\u6b63\u786e\u5904\u7406FTP URL\u9a8c\u8bc1\u51ed\u636e\u6f0f\u6d1e"
}

GSD-2015-1126

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-1126

Aliases

CVE-2015-1126

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-1126",
    "description": "WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.",
    "id": "GSD-2015-1126",
    "references": [
      "https://www.suse.com/security/cve/CVE-2015-1126.html",
      "https://advisories.mageia.org/CVE-2015-1126.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-1126"
      ],
      "details": "WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.",
      "id": "GSD-2015-1126",
      "modified": "2023-12-13T01:20:04.947173Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2015-1126",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT204658",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT204658"
          },
          {
            "name": "APPLE-SA-2015-04-08-3",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
          },
          {
            "name": "APPLE-SA-2015-04-08-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html"
          },
          {
            "name": "1032047",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032047"
          },
          {
            "name": "https://support.apple.com/HT204661",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT204661"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:8.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:8.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:8.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:8.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:8.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2015-1126"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT204658",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT204658"
            },
            {
              "name": "APPLE-SA-2015-04-08-1",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html"
            },
            {
              "name": "APPLE-SA-2015-04-08-3",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
            },
            {
              "name": "https://support.apple.com/HT204661",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT204661"
            },
            {
              "name": "1032047",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1032047"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2015-09-11T17:57Z",
      "publishedDate": "2015-04-10T14:59Z"
    }
  }
}

FKIE_CVE-2015-1126

Vulnerability from fkie_nvd - Published: 2015-04-10 14:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html	Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html	Vendor Advisory
product-security@apple.com	http://www.securitytracker.com/id/1032047
product-security@apple.com	https://support.apple.com/HT204658	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT204661	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032047
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT204658	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT204661	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	iphone_os	*
apple	safari	*
apple	safari	7.0
apple	safari	7.0.1
apple	safari	7.0.2
apple	safari	7.0.3
apple	safari	7.0.4
apple	safari	7.0.5
apple	safari	7.0.6
apple	safari	7.1.0
apple	safari	7.1.1
apple	safari	7.1.2
apple	safari	7.1.3
apple	safari	7.1.4
apple	safari	8.0.0
apple	safari	8.0.1
apple	safari	8.0.2
apple	safari	8.0.3
apple	safari	8.0.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0340315-35F7-4736-854B-852916D00673",
              "versionEndIncluding": "8.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E082F5D0-4261-4D84-8E4C-9D425028BFDA",
              "versionEndIncluding": "6.2.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D46FE5-10D2-44A0-ACAE-CEED8BD0C30C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "391B4255-4434-4EB3-929B-3E593D9CD249",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "40B87D10-55B3-42E7-8FF6-93EDF003337D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D4EBCD8-9DD5-468E-8B5B-49E38FEBCEC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B8C7AEC-F54A-4843-A0EA-C7DD847BEF5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "49457917-495E-4D17-A0AB-D2A163D4721D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CCADCE6-92F3-4A30-AA29-4E3394C1A3CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E74D3F4B-111E-4F51-ACB4-6725C4BF8DB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "223B13DA-9328-46C2-8426-3182D55E6669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD636DF3-E590-4603-9D18-CC2375A97750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0F8336F-D0F8-4337-9DF6-51B60F8A2E9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "79C2EF49-A9F0-4612-903A-A3A95805277E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "845A67F0-7BE6-482C-AE49-D8E9B272BA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB1C61F7-BAF4-4061-8B1A-D7F8D597F2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A5C7D83-EA9E-4E26-910D-8471252723EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:8.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE29EE2D-9EA8-4486-BC3F-B0CCF9C396F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FDB5E2A-F3BD-4500-922E-A191C45DE93C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "WebKit, utilizado en Apple iOS anterior a 8.3 y Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5, no maneja correctamente el campo userinfo en las URLs FTP, lo que permite a atacantes remotos provocar el acceso a recursos incorrecto a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-1126",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-04-10T14:59:39.713",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securitytracker.com/id/1032047"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204658"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204661"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204658"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204661"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-1126 (GCVE-0-2015-1126)

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature