Lucene search
HistoryJul 03, 2015 - 1:59 a.m.
CVE-2015-3684
cve-2015-3684
apple
cfnetwork
ios
os x
remote code execution
memory corruption
nvd
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
5.3 Medium
AI Score
Confidence
High
0.02 Low
EPSS
Percentile
88.9%
The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted credentials in a URL.
Affected configurations
Node
applemac_os_xRange≤10.10.3
Node
appleiphone_osRange≤8.3
| CPE | Name | Operator | Version |
|---|---|---|---|
| apple:mac_os_x | apple mac os x | le | 10.10.3 |
Related
nvd
nvd
CVE-2015-3684
2015-07-03 01:59:39
prion
prion
Memory corruption
2015-07-03 01:59:00
cvelist
cvelist
CVE-2015-3684
2015-07-03 01:00:00
securityvulns
securityvulns
Apple iOS multiple security vulnerabilities
2015-07-05 00:00:00
APPLE-SA-2015-06-30-1 iOS 8.4
2015-07-05 00:00:00
Apple Mac OS X / EFI multiple security vulnerabilities
2015-07-05 00:00:00
nessus
nessus
Mac OS X 10.10.x < 10.10.4 Multiple Vulnerabilities (GHOST) (Logjam)
2015-07-01 00:00:00
openvas
openvas
Apple Mac OS X Multiple Vulnerabilities-01 (Jul 2015)
2015-07-10 00:00:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
5.3 Medium
AI Score
Confidence
High
0.02 Low
EPSS
Percentile
88.9%
Related for CVE-2015-3684