CVE-2015-1126
Apple OSX/iOS/Windows Safari Non-HTTPOnly Cookie Theft
- Severity Score (CVSS v2): 4.3
- Exploit Likelihood (EPSS)
- Affected Versions (CPE)
- Public Exploits (Multiple Sources): 0
- Exploited in Wild (KEV): -
- Decision (SSVC): -
Descriptions
WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.
A vulnerability exists in versions of OSX, iOS, and Windows Safari released before April 8, 2015 that allows the non-HTTPOnly cookies of any domain to be stolen.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-01-16 CVE Reserved
- 2015-04-09 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
http://www.securitytracker.com/id/1032047 | Vdb Entry | |

URL | Date | SRC |
---|---|---|
http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html | 2015-09-11 | |
http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html | 2015-09-11 | |
https://support.apple.com/HT204658 | 2015-09-11 | |
https://support.apple.com/HT204661 | 2015-09-11 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Apple | Iphone Os | <= 8.2 | - | Affected |
Apple | Safari | <= 6.2.4 | - | Affected |
Apple | Safari | 7.0 | - | Affected |
Apple | Safari | 7.0.1 | - | Affected |
Apple | Safari | 7.0.2 | - | Affected |
Apple | Safari | 7.0.3 | - | Affected |
Apple | Safari | 7.0.4 | - | Affected |
Apple | Safari | 7.0.5 | - | Affected |
Apple | Safari | 7.0.6 | - | Affected |
Apple | Safari | 7.1.0 | - | Affected |
Apple | Safari | 7.1.1 | - | Affected |
Apple | Safari | 7.1.2 | - | Affected |
Apple | Safari | 7.1.3 | - | Affected |
Apple | Safari | 7.1.4 | - | Affected |
Apple | Safari | 8.0.0 | - | Affected |
Apple | Safari | 8.0.1 | - | Affected |
Apple | Safari | 8.0.2 | - | Affected |
Apple | Safari | 8.0.3 | - | Affected |
Apple | Safari | 8.0.4 | - | Affected |