Lucene search

[email protected]CVE-2015-5788

HistorySep 18, 2015 - 10:59 a.m.

CVE-2015-5788

2015-09-1810:59:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2015-5788

webkit

canvas

apple ios

same origin policy

remote attackers

sensitive image information

nvd

7.3 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

72.4%

JSON

The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element.

CPENameOperatorVersion
apple:iphone_osapple iphone osle8.4.1
apple:safariapple safarile8.0.8

CPE	Name	Operator	Version
apple:iphone_os	apple iphone os	le	8.4.1
apple:safari	apple safari	le	8.0.8

References

lists.apple.com/archives/security-announce/2015/Sep/msg00001.html

lists.apple.com/archives/security-announce/2015/Sep/msg00007.html

lists.opensuse.org/opensuse-updates/2016-03/msg00132.html

www.securityfocus.com/bid/76766

www.securitytracker.com/id/1033609

www.ubuntu.com/usn/USN-2937-1

support.apple.com/HT205212

support.apple.com/HT205265

7.3 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

72.4%

JSON

Related for CVE-2015-5788

ubuntucve1 prion1 fedora5 nessus9 openvas7 ubuntu1 mageia2 securityvulns4