Lucene search

K
ubuntucveUbuntu.comUB:CVE-2015-3659
HistoryJul 02, 2015 - 12:00 a.m.

CVE-2015-3659

2015-07-0200:00:00
ubuntu.com
ubuntu.com
6

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.017 Low

EPSS

Percentile

87.4%

The SQLite authorizer in the Storage functionality in WebKit in Apple
Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in
Apple iOS before 8.4 and other products, does not properly restrict access
to SQL functions, which allows remote attackers to execute arbitrary code
or cause a denial of service (application crash) via a crafted web site.

Notes

Author Note
jdstrand webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8
OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchwebkitgtk< 2.4.10-0ubuntu0.14.04.1UNKNOWN
ubuntu15.10noarchwebkitgtk< 2.4.10-0ubuntu0.15.10.1UNKNOWN
ubuntu16.04noarchwebkitgtk< 2.4.10-0ubuntu1UNKNOWN
ubuntu16.10noarchwebkitgtk< 2.4.10-0ubuntu1UNKNOWN

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.017 Low

EPSS

Percentile

87.4%

Related for UB:CVE-2015-3659