Lucene search

AppleCVE-2015-7104

HistoryDec 11, 2015 - 12:00 p.m.

CVE-2015-7104

2015-12-1112:00:01

CWE-119

apple

web.nvd.nist.gov

cve-2015-7104

webkit

apple safari

tvos

remote attackers

arbitrary code execution

denial of service

memory corruption

application crash

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

High

EPSS

0.008

Percentile

81.7%

JSON

WebKit in Apple Safari before 9.0.2 and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Affected configurations

Nvd

Node

appletvosRange≤9.0

Node

applesafariRange≤9.0.1

VendorProductVersionCPE
appletvos*cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
applesafari*cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	tvos	*	cpe:2.3:o:apple:tvos::::::::
apple	safari	*	cpe:2.3:a:apple:safari::::::::

References

lists.apple.com/archives/security-announce/2015/Dec/msg00001.html

lists.apple.com/archives/security-announce/2015/Dec/msg00003.html

lists.opensuse.org/opensuse-updates/2016-03/msg00054.html

www.securityfocus.com/bid/78726

www.securitytracker.com/id/1034341

support.apple.com/HT205639

support.apple.com/HT205640

support.apple.com/kb/HT205636

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

High

EPSS

0.008

Percentile

81.7%

JSON

Related for CVE-2015-7104