Lucene search
HistoryApr 10, 2015 - 2:59 p.m.
CVE-2015-1126
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
5.8
Confidence
Low
EPSS
0.917
Percentile
99.0%
WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.
Affected configurations
Node
appleiphone_osRange≤8.2
Node
applesafariRange≤6.2.4
ORapplesafariMatch7.0
ORapplesafariMatch7.0.1
ORapplesafariMatch7.0.2
ORapplesafariMatch7.0.3
ORapplesafariMatch7.0.4
ORapplesafariMatch7.0.5
ORapplesafariMatch7.0.6
ORapplesafariMatch7.1.0
ORapplesafariMatch7.1.1
ORapplesafariMatch7.1.2
ORapplesafariMatch7.1.3
ORapplesafariMatch7.1.4
ORapplesafariMatch8.0.0
ORapplesafariMatch8.0.1
ORapplesafariMatch8.0.2
ORapplesafariMatch8.0.3
ORapplesafariMatch8.0.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| apple | iphone_os | * | cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
| apple | safari | * | cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* |
| apple | safari | 7.0 | cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:* |
| apple | safari | 7.0.1 | cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:* |
| apple | safari | 7.0.2 | cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:* |
| apple | safari | 7.0.3 | cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:* |
| apple | safari | 7.0.4 | cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:* |
| apple | safari | 7.0.5 | cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:* |
| apple | safari | 7.0.6 | cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:* |
| apple | safari | 7.1.0 | cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:* |
Related
ubuntucve
ubuntucve
CVE-2015-1126
2015-04-10 00:00:00
threatpost
threatpost
Apple Fixes Cookie Access Vulnerability in Safari on Billions of Devices
2015-04-14 15:02:12
checkpoint_advisories
checkpoint_advisories
Apple Safari URL Handling Cross-Origin Security Bypass (CVE-2015-1126)
2015-08-16 00:00:00
cvelist
cvelist
CVE-2015-1126
2015-04-10 14:00:00
metasploit
metasploit
Apple OSX/iOS/Windows Safari Non-HTTPOnly Cookie Theft
2015-04-19 16:32:37
cve
cve
CVE-2015-1126
2015-04-10 14:59:39
prion
prion
Design/Logic Flaw
2015-04-10 14:59:00
packetstorm
packetstorm
Apple OSX/iOS/Windows Safari Non-HTTPOnly Cookie Theft
2024-08-31 00:00:00
openvas
openvas
Apple Safari Multiple Vulnerabilities -01 (Apr 2015) - Mac OS X
2015-04-23 00:00:00
Mageia: Security Advisory (MGASA-2016-0116)
2016-03-31 00:00:00
nessus
nessus
Safari < 6.2.5 / 7.1.5 / 8.0.5 Multiple Vulnerabilities
2015-04-17 00:00:00
Mac OS X : Apple Safari < 6.2.5 / 7.1.5 / 8.0.5 Multiple Vulnerabilities
2015-04-10 00:00:00
securityvulns
securityvulns
APPLE-SA-2015-04-08-1 Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5
2015-04-08 00:00:00
Apple Safari / Webkit multiple security vulnerabilities
2015-04-19 00:00:00
APPLE-SA-2015-04-08-3 iOS 8.3
2015-04-17 00:00:00
mageia
mageia
Updated webkit2 packages fix security vulnerability
2016-03-25 09:38:37
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
5.8
Confidence
Low
EPSS
0.917
Percentile
99.0%
Related for NVD:CVE-2015-1126