Details of VAR-201504-0127

ID

VAR-201504-0127

CVE

CVE-2015-1111

TITLE

Apple iOS of Safari Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2015-002151

DESCRIPTION

Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to gain sensitive information, perform unauthorized actions, bypass security restrictions, and perform other attacks. These issues affect iOS versions prior to 8.3. Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems

Trust: 1.98

sources: NVD: CVE-2015-1111 // JVNDB: JVNDB-2015-002151 // BID: 73978 // VULHUB: VHN-79071

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	8.2	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	8.3 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.3 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.3 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	8.2	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 73978 // JVNDB: JVNDB-2015-002151 // CNNVD: CNNVD-201504-136 // NVD: CVE-2015-1111

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-1111
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-1111
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201504-136
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-79071
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-1111
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-79071
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-79071 // JVNDB: JVNDB-2015-002151 // CNNVD: CNNVD-201504-136 // NVD: CVE-2015-1111

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-79071 // JVNDB: JVNDB-2015-002151 // NVD: CVE-2015-1111

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-136

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201504-136

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002151

PATCH

title:	APPLE-SA-2015-04-08-3 iOS 8.3	url:	http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html	Trust: 0.8
title:	HT204661	url:	http://support.apple.com/en-us/HT204661	Trust: 0.8
title:	HT204661	url:	http://support.apple.com/ja-jp/HT204661	Trust: 0.8
title:	OSXUpd10.10.3	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54848	Trust: 0.6
title:	iPhone7,1_8.3_12F70_Restore	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54847	Trust: 0.6
title:	AppleTV3,2_7.2_12F69_Restore	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54849	Trust: 0.6

sources: JVNDB: JVNDB-2015-002151 // CNNVD: CNNVD-201504-136

EXTERNAL IDS

db:	NVD	id:	CVE-2015-1111	Trust: 2.8
db:	BID	id:	73978	Trust: 1.4
db:	SECTRACK	id:	1032050	Trust: 1.1
db:	JVN	id:	JVNVU91828320	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-002151	Trust: 0.8
db:	CNNVD	id:	CNNVD-201504-136	Trust: 0.7
db:	VULHUB	id:	VHN-79071	Trust: 0.1

sources: VULHUB: VHN-79071 // BID: 73978 // JVNDB: JVNDB-2015-002151 // CNNVD: CNNVD-201504-136 // NVD: CVE-2015-1111

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/apr/msg00002.html	Trust: 1.7
url:	https://support.apple.com/ht204661	Trust: 1.7
url:	http://www.securityfocus.com/bid/73978	Trust: 1.1
url:	http://www.securitytracker.com/id/1032050	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1111	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu91828320/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1111	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3
url:	https://support.apple.com/en-us/ht204661	Trust: 0.3

sources: VULHUB: VHN-79071 // BID: 73978 // JVNDB: JVNDB-2015-002151 // CNNVD: CNNVD-201504-136 // NVD: CVE-2015-1111

CREDITS

TaiG Jailbreak Team, Jarrod Dwenger, Steve Favorito, Paul Reedy of ConocoPhillips, Pedro Tavares of Molecular Biophysics at UCIBIO/FCT/UNL, De Paul Sunny, Christian Still of Evolve Media, Canada, Brent Erickson, Stuart Ryan of University of Technology, Syd

Trust: 0.3

sources: BID: 73978

SOURCES

db:	VULHUB	id:	VHN-79071
db:	BID	id:	73978
db:	JVNDB	id:	JVNDB-2015-002151
db:	CNNVD	id:	CNNVD-201504-136
db:	NVD	id:	CVE-2015-1111

LAST UPDATE DATE

2024-11-23T21:02:33.094000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-79071	date:	2017-01-03T00:00:00
db:	BID	id:	73978	date:	2015-05-07T17:36:00
db:	JVNDB	id:	JVNDB-2015-002151	date:	2015-04-13T00:00:00
db:	CNNVD	id:	CNNVD-201504-136	date:	2015-04-13T00:00:00
db:	NVD	id:	CVE-2015-1111	date:	2024-11-21T02:24:41.720

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-79071	date:	2015-04-10T00:00:00
db:	BID	id:	73978	date:	2015-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2015-002151	date:	2015-04-13T00:00:00
db:	CNNVD	id:	CNNVD-201504-136	date:	2015-04-13T00:00:00
db:	NVD	id:	CVE-2015-1111	date:	2015-04-10T14:59:26.420