Lucene search

[email protected]CVE-2015-5826

HistorySep 18, 2015 - 10:59 a.m.

CVE-2015-5826

2015-09-1810:59:45

CWE-284

[email protected]

web.nvd.nist.gov

cve-2015-5826

webkit

apple

ios

same origin policy

css

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.5%

JSON

WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

Affected configurations

NVD

Node

applesafariRange≤8.0.8

Node

appleiphone_osRange≤8.4.1

CPENameOperatorVersion
apple:safariapple safarile8.0.8

CPE	Name	Operator	Version
apple:safari	apple safari	le	8.0.8

References

lists.apple.com/archives/security-announce/2015/Sep/msg00001.html

lists.apple.com/archives/security-announce/2015/Sep/msg00007.html

www.securityfocus.com/bid/76766

www.securitytracker.com/id/1033609

support.apple.com/HT205212

support.apple.com/HT205265

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.5%

JSON

Related for CVE-2015-5826

ubuntucve1 nvd1 cvelist1 prion1 openvas1 nessus2 securityvulns4