4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.942 High
EPSS
Percentile
99.2%
WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x
before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo
field in FTP URLs, which allows remote attackers to trigger incorrect
resource access via unspecified vectors.
Author | Note |
---|---|
jdstrand | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 |
lists.apple.com/archives/security-announce/2015/Apr/msg00000.html
lists.apple.com/archives/security-announce/2015/Apr/msg00002.html
launchpad.net/bugs/cve/CVE-2015-1126
nvd.nist.gov/vuln/detail/CVE-2015-1126
security-tracker.debian.org/tracker/CVE-2015-1126
support.apple.com/HT204658
support.apple.com/HT204661
www.cve.org/CVERecord?id=CVE-2015-1126