Sign-up

ID

VAR-201509-0050


CVE

CVE-2015-5912


TITLE

Apple iOS of CFNetwork FTPProtocol For intranet hosts in components TCP Vulnerabilities that trigger connection attempts

Trust: 0.8

sources: JVNDB: JVNDB-2015-004827

DESCRIPTION

The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. TCP This could trigger a connection attempt. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial-of-service condition, perform unauthorized actions and gain system privileges; this may aid in launching further attacks. Versions prior to iOS 9 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. CFNetwork FTPProtocol is one of the components that provides an abstract network upload protocol library

Trust: 2.07

sources: NVD: CVE-2015-5912 // JVNDB: JVNDB-2015-004827 // BID: 76764 // VULHUB: VHN-83873 // VULMON: CVE-2015-5912

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:lteversion:10.10.5

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:8.4.1

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.6.8 thats all 10.11

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (iphone 4s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.10.5

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:8.4.1

Trust: 0.6

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

sources: BID: 76764 // JVNDB: JVNDB-2015-004827 // CNNVD: CNNVD-201509-365 // NVD: CVE-2015-5912

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5912
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-5912
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201509-365
value: MEDIUM

Trust: 0.6

VULHUB: VHN-83873
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-5912
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-5912
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-83873
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83873 // VULMON: CVE-2015-5912 // JVNDB: JVNDB-2015-004827 // CNNVD: CNNVD-201509-365 // NVD: CVE-2015-5912

PROBLEMTYPE DATA

problemtype:CWE-17

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-83873 // JVNDB: JVNDB-2015-004827 // NVD: CVE-2015-5912

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-365

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201509-365

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004827

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:APPLE-SA-2015-09-16-1 iOS 9url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
Trust: 0.8
title:APPLE-SA-2015-09-30-3 OS X El Capitan 10.11url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
Trust: 0.8
title:HT205212url:https://support.apple.com/en-us/HT205212
Trust: 0.8
title:HT205267url:https://support.apple.com/en-us/HT205267
Trust: 0.8
title:HT205267url:http://support.apple.com/ja-jp/HT205267
Trust: 0.8
title:HT205212url:http://support.apple.com/ja-jp/HT205212
Trust: 0.8
title:Apple: OS X El Capitan v10.11url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e88bab658248444f5dffc23fd95859e7
Trust: 0.1
sources:
            
            
            VULMON: CVE-2015-5912 // 
            
            
            
            JVNDB: JVNDB-2015-004827

EXTERNAL IDS
db:NVDid:CVE-2015-5912
Trust: 2.9
db:BIDid:76764
Trust: 1.5
db:SECTRACKid:1033609
Trust: 1.2
db:JVNid:JVNVU97220341
Trust: 0.8
db:JVNid:JVNVU99970459
Trust: 0.8
db:JVNDBid:JVNDB-2015-004827
Trust: 0.8
db:CNNVDid:CNNVD-201509-365
Trust: 0.7
db:VULHUBid:VHN-83873
Trust: 0.1
db:VULMONid:CVE-2015-5912
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83873 // 
            
            
            
            VULMON: CVE-2015-5912 // 
            
            
            
            BID: 76764 // 
            
            
            
            JVNDB: JVNDB-2015-004827 // 
            
            
            
            CNNVD: CNNVD-201509-365 // 
            
            
            
            NVD: CVE-2015-5912

REFERENCES
url:http://lists.apple.com/archives/security-announce/2015/sep/msg00001.html
Trust: 1.8
url:https://support.apple.com/ht205212
Trust: 1.8
url:http://www.securityfocus.com/bid/76764
Trust: 1.3
url:http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html
Trust: 1.2
url:http://www.securityfocus.com/archive/1/536488/100/0/threaded
Trust: 1.2
url:https://support.apple.com/ht205267
Trust: 1.2
url:http://www.securitytracker.com/id/1033609
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5912
Trust: 0.8
url:http://jvn.jp/vu/jvnvu99970459/index.html
Trust: 0.8
url:http://jvn.jp/vu/jvnvu97220341/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5912
Trust: 0.8
url:http://www.apple.com/ios/
Trust: 0.3
url:http://www.apple.com/ipad/
Trust: 0.3
url:http://www.apple.com/iphone/
Trust: 0.3
url:http://www.apple.com/ipodtouch/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/17.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://support.apple.com/kb/ht205267
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=41307
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83873 // 
            
            
            
            VULMON: CVE-2015-5912 // 
            
            
            
            BID: 76764 // 
            
            
            
            JVNDB: JVNDB-2015-004827 // 
            
            
            
            CNNVD: CNNVD-201509-365 // 
            
            
            
            NVD: CVE-2015-5912

CREDITS
Xiaofeng Zheng, Tsinghua University, Sam Greenhalgh, Andreas Kurtz, Erling Ellingsen, Amit Klein, Timothy J. Wood, Jin Han, Su Mon Kywe, Qiang Yan, Robert Deng, Debin Gao, Yingjiu Li, Feng Bao and Jianying Zhou, 1x7e1, beist of grayhash, Filippo Bigarella,
Trust: 0.3
sources:
            
            
            BID: 76764

SOURCES
db:VULHUBid:VHN-83873
db:VULMONid:CVE-2015-5912
db:BIDid:76764
db:JVNDBid:JVNDB-2015-004827
db:CNNVDid:CNNVD-201509-365
db:NVDid:CVE-2015-5912

LAST UPDATE DATE
2024-11-23T21:09:34.307000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-83873date:2018-10-09T00:00:00
db:VULMONid:CVE-2015-5912date:2018-10-09T00:00:00
db:BIDid:76764date:2015-11-03T19:44:00
db:JVNDBid:JVNDB-2015-004827date:2015-10-14T00:00:00
db:CNNVDid:CNNVD-201509-365date:2015-09-21T00:00:00
db:NVDid:CVE-2015-5912date:2024-11-21T02:34:07.180

SOURCES RELEASE DATE
db:VULHUBid:VHN-83873date:2015-09-18T00:00:00
db:VULMONid:CVE-2015-5912date:2015-09-18T00:00:00
db:BIDid:76764date:2015-09-16T00:00:00
db:JVNDBid:JVNDB-2015-004827date:2015-09-25T00:00:00
db:CNNVDid:CNNVD-201509-365date:2015-09-21T00:00:00
db:NVDid:CVE-2015-5912date:2015-09-18T12:00:56.120