CVE-2015-1155

Published: May 8, 2015Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.

Affected (21)

Products: Apple: Iphone Os, Safari

2 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Up to 8.3

Configuration B

20 vulnerable

Vulnerable Software	Affected Versions
Apple Safari	Up to 6.2.5
Apple Safari	Version 7.0.1
Apple Safari	Version 7.0.2
Apple Safari	Version 7.0.3
Apple Safari	Version 7.0.4
Apple Safari	Version 7.0.5
Apple Safari	Version 7.0.6
Apple Safari	Version 7.0
Apple Safari	Version 7.1.0
Apple Safari	Version 7.1.1
Apple Safari	Version 7.1.2
Apple Safari	Version 7.1.3
Apple Safari	Version 7.1.4
Apple Safari	Version 7.1.5
Apple Safari	Version 8.0.0
Apple Safari	Version 8.0.1
Apple Safari	Version 8.0.2
Apple Safari	Version 8.0.3
Apple Safari	Version 8.0.4
Apple Safari	Version 8.0.5

Related CWEs

References (18)

http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html

Source: product-security@apple.com

Vendor Advisory

http://lists.apple.com/archives/security-announce/2015/May/msg00000.html

Source: product-security@apple.com

Vendor Advisory

http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html

Source: product-security@apple.com

http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html

Source: product-security@apple.com

http://support.apple.com/kb/HT204941

Source: product-security@apple.com

Vendor Advisory

http://www.securityfocus.com/bid/74527

Source: product-security@apple.com

http://www.securitytracker.com/id/1032270

Source: product-security@apple.com

http://www.ubuntu.com/usn/USN-2937-1

Source: product-security@apple.com

https://support.apple.com/HT204826

Source: product-security@apple.com

Vendor Advisory

http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://lists.apple.com/archives/security-announce/2015/May/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT204941

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/74527

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1032270

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2937-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/HT204826

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.