CVSS2: 6.8 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.017 Low (Percentile: 87.4%)

The SQLite authorizer in the Storage functionality in WebKit in Apple
Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in
Apple iOS before 8.4 and other products, does not properly restrict access
to SQL functions, which allows remote attackers to execute arbitrary code
or cause a denial of service (application crash) via a crafted web site.
Author | Note |
---|---|
jdstrand | webkit receives limited support. For details, see <https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit>. webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8. |
lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
lists.apple.com/archives/security-announce/2015/Jun/msg00004.html
support.apple.com/kb/HT204941
support.apple.com/kb/HT204950
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3659
launchpad.net/bugs/cve/CVE-2015-3659
nvd.nist.gov/vuln/detail/CVE-2015-3659
security-tracker.debian.org/tracker/CVE-2015-3659
ubuntu.com/security/notices/USN-2937-1