Lucene search
Ubuntu.comUB:CVE-2015-1156HistoryMay 08, 2015 - 12:00 a.m.
CVE-2015-1156
2015-05-0800:00:00
ubuntu.com
ubuntu.com
6
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
71.9%
The page-loading implementation in WebKit, as used in Apple Safari before
6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the
rel attribute in an A element, which allows remote attackers to bypass the
Same Origin Policy for a link’s target, and spoof the user interface, via a
crafted web site.
Notes
| Author | Note |
|---|---|
| jdstrand | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 |
Related
prion
prion
Design/Logic Flaw
2015-05-08 00:59:00
cve
cve
CVE-2015-1156
2015-05-08 00:59:04
cvelist
cvelist
CVE-2015-1156
2015-05-08 00:00:00
nvd
nvd
CVE-2015-1156
2015-05-08 00:59:04
nessus
nessus
Mac OS X : Apple Safari < 6.2.6 / 7.1.6 / 8.0.6 Multiple Vulnerabilities
2015-05-08 00:00:00
Safari < 6.2.6 / 7.1.6 / 8.0.6 Multiple Vulnerabilities
2015-09-17 00:00:00
openvas
openvas
Apple Safari Multiple Vulnerabilities -01 (May 2015) - Mac OS X
2015-05-11 00:00:00
Mageia: Security Advisory (MGASA-2016-0116)
2016-03-31 00:00:00
threatpost
threatpost
Apple Fixes WebKit Vulnerabilities in Safari Browser
2015-05-07 10:49:05
securityvulns
securityvulns
Apple Safari / Webkit multiple security vulnerabilities
2015-05-10 00:00:00
APPLE-SA-2015-05-06-1 Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6
2015-05-10 00:00:00
Apple iOS multiple security vulnerabilities
2015-07-05 00:00:00
kaspersky
kaspersky
KLA10573 Multiple vulnerabilities in Apple Safari
2015-05-07 00:00:00
mageia
mageia
Updated webkit2 packages fix security vulnerability
2016-03-25 09:38:37
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
71.9%
Related for UB:CVE-2015-1156