Lucene search
HistoryMay 08, 2015 - 12:59 a.m.
CVE-2015-1156
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
6
Confidence
Low
EPSS
0.004
Percentile
71.9%
The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link’s target, and spoof the user interface, via a crafted web site.
Affected configurations
Node
appleiphone_osRange≤8.3
Node
applesafariRange≤6.2.5
ORapplesafariMatch7.0
ORapplesafariMatch7.0.1
ORapplesafariMatch7.0.2
ORapplesafariMatch7.0.3
ORapplesafariMatch7.0.4
ORapplesafariMatch7.0.5
ORapplesafariMatch7.0.6
ORapplesafariMatch7.1.0
ORapplesafariMatch7.1.1
ORapplesafariMatch7.1.2
ORapplesafariMatch7.1.3
ORapplesafariMatch7.1.4
ORapplesafariMatch7.1.5
ORapplesafariMatch8.0.0
ORapplesafariMatch8.0.1
ORapplesafariMatch8.0.2
ORapplesafariMatch8.0.3
ORapplesafariMatch8.0.4
ORapplesafariMatch8.0.5
| Vendor | Product | Version | CPE |
|---|---|---|---|
| apple | iphone_os | * | cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
| apple | safari | * | cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* |
| apple | safari | 7.0 | cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:* |
| apple | safari | 7.0.1 | cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:* |
| apple | safari | 7.0.2 | cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:* |
| apple | safari | 7.0.3 | cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:* |
| apple | safari | 7.0.4 | cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:* |
| apple | safari | 7.0.5 | cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:* |
| apple | safari | 7.0.6 | cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:* |
| apple | safari | 7.1.0 | cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2015-05-08 00:59:00
ubuntucve
ubuntucve
CVE-2015-1156
2015-05-08 00:00:00
cvelist
cvelist
CVE-2015-1156
2015-05-08 00:00:00
cve
cve
CVE-2015-1156
2015-05-08 00:59:04
nessus
nessus
Mac OS X : Apple Safari < 6.2.6 / 7.1.6 / 8.0.6 Multiple Vulnerabilities
2015-05-08 00:00:00
Safari < 6.2.6 / 7.1.6 / 8.0.6 Multiple Vulnerabilities
2015-09-17 00:00:00
openvas
openvas
Apple Safari Multiple Vulnerabilities -01 (May 2015) - Mac OS X
2015-05-11 00:00:00
Mageia: Security Advisory (MGASA-2016-0116)
2016-03-31 00:00:00
threatpost
threatpost
Apple Fixes WebKit Vulnerabilities in Safari Browser
2015-05-07 10:49:05
kaspersky
kaspersky
KLA10573 Multiple vulnerabilities in Apple Safari
2015-05-07 00:00:00
securityvulns
securityvulns
Apple Safari / Webkit multiple security vulnerabilities
2015-05-10 00:00:00
APPLE-SA-2015-05-06-1 Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6
2015-05-10 00:00:00
Apple iOS multiple security vulnerabilities
2015-07-05 00:00:00
mageia
mageia
Updated webkit2 packages fix security vulnerability
2016-03-25 09:38:37
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
6
Confidence
Low
EPSS
0.004
Percentile
71.9%
Related for NVD:CVE-2015-1156