Details of VAR-201503-0099

ID

VAR-201503-0099

CVE

CVE-2015-1075

TITLE

Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2015-001861

DESCRIPTION

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. Apple Safari Used in etc. Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in WebKit used in Apple Safari. The following versions are affected: Apple Safari prior to 6.2.4, 7.x prior to 7.1.4, and 8.x prior to 8.0.4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-03-17-1 Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4 Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4 are now available and address the following: WebKit Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. This issue was addressed through improved user interface consistency checks. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) iQIcBAEBAgAGBQJVCHNfAAoJEBcWfLTuOo7twwcQAJw+o6wILW0ZLtMEV3DugttG 5agZqzvO1CdpmtqlUlyEJhQ1r9SrzBnqaTqgXUzMZv/ZFRR0FrgKnEcqJXH82K6y wAVOIwDWKazKbzvYMOOREYQ1JCCRHJnA/I4+8/RGkZAqXhrWgIqbGikxDND3BGfP RnM4ae9oQxGIbiZeyGCVWbGi/WEvsXY20tHZLelK0GzUZw+KaYQqPL8K681LOWaT KB3l85vXl4a6rHFE9oz25dh5dlOUUVlUtXQAjffchS/hyBBCTIxBEpu2iACx6h8L 5UmSs7pilr3bmlA2FQakfHTMWgBfWIiwxYyNY5C/s0UnUx+uMuW9kR/NSjFyrQUB wvlKPQ+oKM4m5WoorgM57XhSbcL/Rf6YVmN6sYf27TISLDHxvCAy5wK5xyyL8zTo KWiMJCmDzlhRInlC2VfJNFZvdr/1xfogNXOQTWGsFXCbKAzs4HT5dPhg5QjyJ/fq tJH5gtXo/MklMke9zJYhdLhdCGI26h2kmnV7ugelNxdxYS99UyKsS9vnIEkc4C4t pAdB6PH1V0KMvXMoUerDWkJyPy4vvaAXPsaGVjbaNRfK+BwEDtjrsY7UbNsrPIrc ef+hjfnkTEnFWnpBW4A+YVpLQz/uMLDcsePMkwR2tKq1LEBHyKhqbKiAXt1HVd6H B5CGJrtHUaXWG0BwUmnn =d/wD -----END PGP SIGNATURE-----

Trust: 1.89

sources: NVD: CVE-2015-1075 // JVNDB: JVNDB-2015-001861 // VULHUB: VHN-79035 // PACKETSTORM: 132529 // PACKETSTORM: 130894

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	eq	version:	7.1.0	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	7.0.1	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	7.0.2	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	7.0.6	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	7.0.3	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	7.0.4	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	7.0	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	7.1.1	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	7.0.5	Trust: 1.6
vendor:	apple	model:	safari	scope:	eq	version:	8.0.0	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	8.0.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	lte	version:	6.2.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lte	version:	12.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	7.1.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	8.0.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	8.0.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	7.1.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lt	version:	12.2 (windows 7)	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	12.2 (windows 8)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	6.2.4	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	7.1.4	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	8.0.4	Trust: 0.8
vendor:	apple	model:	safari	scope:	eq	version:	6.2.3	Trust: 0.6

sources: JVNDB: JVNDB-2015-001861 // CNNVD: CNNVD-201503-376 // NVD: CVE-2015-1075

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-1075
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-1075
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201503-376
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-79035
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-1075
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-79035
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-79035 // JVNDB: JVNDB-2015-001861 // CNNVD: CNNVD-201503-376 // NVD: CVE-2015-1075

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-79035 // JVNDB: JVNDB-2015-001861 // NVD: CVE-2015-1075

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201503-376

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201503-376

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001861

PATCH

title:	APPLE-SA-2015-03-17-1 Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4	url:	http://lists.apple.com/archives/security-announce/2015/Mar/msg00004.html	Trust: 0.8
title:	APPLE-SA-2015-06-30-6 iTunes 12.2	url:	http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html	Trust: 0.8
title:	HT204560	url:	http://support.apple.com/en-us/HT204560	Trust: 0.8
title:	HT204949	url:	http://support.apple.com/en-us/HT204949	Trust: 0.8
title:	HT204560	url:	http://support.apple.com/ja-jp/HT204560	Trust: 0.8
title:	HT204949	url:	http://support.apple.com/ja-jp/HT204949	Trust: 0.8

sources: JVNDB: JVNDB-2015-001861

EXTERNAL IDS

db:	NVD	id:	CVE-2015-1075	Trust: 2.7
db:	SECTRACK	id:	1031936	Trust: 1.1
db:	JVN	id:	JVNVU99221748	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-001861	Trust: 0.8
db:	CNNVD	id:	CNNVD-201503-376	Trust: 0.7
db:	VULHUB	id:	VHN-79035	Trust: 0.1
db:	PACKETSTORM	id:	132529	Trust: 0.1
db:	PACKETSTORM	id:	130894	Trust: 0.1

sources: VULHUB: VHN-79035 // JVNDB: JVNDB-2015-001861 // PACKETSTORM: 132529 // PACKETSTORM: 130894 // CNNVD: CNNVD-201503-376 // NVD: CVE-2015-1075

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/mar/msg00004.html	Trust: 1.7
url:	https://support.apple.com/ht204560	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2015/jun/msg00006.html	Trust: 1.1
url:	https://support.apple.com/kb/ht204949	Trust: 1.1
url:	http://www.securitytracker.com/id/1031936	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1075	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu99221748/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1075	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1073	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1069	Trust: 0.2
url:	http://support.apple.com/kb/ht1222	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1075	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1079	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1076	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1077	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1074	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1070	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1071	Trust: 0.2
url:	https://www.apple.com/support/security/pgp/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1072	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1080	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1068	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1078	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4479	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4452	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4471	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4473	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4468	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4475	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4476	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4474	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3192	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4459	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4469	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4472	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4477	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4470	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4466	Trust: 0.1
url:	http://www.apple.com/itunes/download/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1083	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1084	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1082	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1081	Trust: 0.1

sources: VULHUB: VHN-79035 // JVNDB: JVNDB-2015-001861 // PACKETSTORM: 132529 // PACKETSTORM: 130894 // CNNVD: CNNVD-201503-376 // NVD: CVE-2015-1075

CREDITS

Apple

Trust: 0.2

sources: PACKETSTORM: 132529 // PACKETSTORM: 130894

SOURCES

db:	VULHUB	id:	VHN-79035
db:	JVNDB	id:	JVNDB-2015-001861
db:	PACKETSTORM	id:	132529
db:	PACKETSTORM	id:	130894
db:	CNNVD	id:	CNNVD-201503-376
db:	NVD	id:	CVE-2015-1075

LAST UPDATE DATE

2024-11-23T21:14:43.514000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-79035	date:	2015-07-28T00:00:00
db:	JVNDB	id:	JVNDB-2015-001861	date:	2015-07-07T00:00:00
db:	CNNVD	id:	CNNVD-201503-376	date:	2015-03-19T00:00:00
db:	NVD	id:	CVE-2015-1075	date:	2024-11-21T02:24:36.743

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-79035	date:	2015-03-18T00:00:00
db:	JVNDB	id:	JVNDB-2015-001861	date:	2015-03-20T00:00:00
db:	PACKETSTORM	id:	132529	date:	2015-07-02T11:08:22
db:	PACKETSTORM	id:	130894	date:	2015-03-19T05:01:53
db:	CNNVD	id:	CNNVD-201503-376	date:	2015-03-19T00:00:00
db:	NVD	id:	CVE-2015-1075	date:	2015-03-18T22:59:07.487