Details of VAR-201504-0143

ID

VAR-201504-0143

CVE

CVE-2015-1125

TITLE

Apple iOS Used in etc. Webkit Tap and unintentional in the implementation of touch events Web Vulnerabilities that trigger association with resources

Trust: 0.8

sources: JVNDB: JVNDB-2015-002153

DESCRIPTION

The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site. Apple iOS Used in etc. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. WebKit is prone to a clickjacking vulnerability. Successful exploits will allow an authenticated attacker to compromise the affected application or obtain sensitive information. Other attacks are also possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A remote attacker can use a specially crafted website to exploit this vulnerability to lure users to click to visit other websites

Trust: 1.98

sources: NVD: CVE-2015-1125 // JVNDB: JVNDB-2015-002153 // BID: 73980 // VULHUB: VHN-79085

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	8.2	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	8.3 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.3 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	8.3 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	8.2	Trust: 0.6
vendor:	apple	model:	webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	8.3	Trust: 0.3

sources: BID: 73980 // JVNDB: JVNDB-2015-002153 // CNNVD: CNNVD-201504-150 // NVD: CVE-2015-1125

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-1125
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-1125
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201504-150
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-79085
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-1125
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-79085
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-79085 // JVNDB: JVNDB-2015-002153 // CNNVD: CNNVD-201504-150 // NVD: CVE-2015-1125

PROBLEMTYPE DATA

problemtype:	CWE-17	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-79085 // JVNDB: JVNDB-2015-002153 // NVD: CVE-2015-1125

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-150

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201504-150

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002153

PATCH

title:	APPLE-SA-2015-04-08-3 iOS 8.3	url:	http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html	Trust: 0.8
title:	HT204661	url:	http://support.apple.com/en-us/HT204661	Trust: 0.8
title:	HT204661	url:	http://support.apple.com/ja-jp/HT204661	Trust: 0.8

sources: JVNDB: JVNDB-2015-002153

EXTERNAL IDS

db:	NVD	id:	CVE-2015-1125	Trust: 2.8
db:	SECTRACK	id:	1032050	Trust: 1.1
db:	JVN	id:	JVNVU91828320	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-002153	Trust: 0.8
db:	CNNVD	id:	CNNVD-201504-150	Trust: 0.7
db:	BID	id:	73980	Trust: 0.4
db:	VULHUB	id:	VHN-79085	Trust: 0.1

sources: VULHUB: VHN-79085 // BID: 73980 // JVNDB: JVNDB-2015-002153 // CNNVD: CNNVD-201504-150 // NVD: CVE-2015-1125

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/apr/msg00002.html	Trust: 1.7
url:	https://support.apple.com/ht204661	Trust: 1.7
url:	http://www.securitytracker.com/id/1032050	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1125	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu91828320/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1125	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	https://support.apple.com/en-us/ht204661	Trust: 0.3

sources: VULHUB: VHN-79085 // BID: 73980 // JVNDB: JVNDB-2015-002153 // CNNVD: CNNVD-201504-150 // NVD: CVE-2015-1125

CREDITS

Phillip Moon and Matt Weston of www.sandfield.co.nz

Trust: 0.3

sources: BID: 73980

SOURCES

db:	VULHUB	id:	VHN-79085
db:	BID	id:	73980
db:	JVNDB	id:	JVNDB-2015-002153
db:	CNNVD	id:	CNNVD-201504-150
db:	NVD	id:	CVE-2015-1125

LAST UPDATE DATE

2024-11-23T20:19:55.787000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-79085	date:	2015-09-11T00:00:00
db:	BID	id:	73980	date:	2015-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2015-002153	date:	2015-04-13T00:00:00
db:	CNNVD	id:	CNNVD-201504-150	date:	2015-04-14T00:00:00
db:	NVD	id:	CVE-2015-1125	date:	2024-11-21T02:24:43.713

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-79085	date:	2015-04-10T00:00:00
db:	BID	id:	73980	date:	2015-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2015-002153	date:	2015-04-13T00:00:00
db:	CNNVD	id:	CNNVD-201504-150	date:	2015-04-14T00:00:00
db:	NVD	id:	CVE-2015-1125	date:	2015-04-10T14:59:38.807