CVE-2015-3659

Published: Jul 3, 2015Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

Affected (24)

Products: Apple: Iphone Os, Mac Os X, Safari

3 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Up to 8.3
Apple Mac Os X	Up to 10.10.3

Configuration B

22 vulnerable

Vulnerable Software	Affected Versions
Apple Safari	Up to 6.2.6
Apple Safari	Version 7.0.1
Apple Safari	Version 7.0.2
Apple Safari	Version 7.0.3
Apple Safari	Version 7.0.4
Apple Safari	Version 7.0.5
Apple Safari	Version 7.0.6
Apple Safari	Version 7.0
Apple Safari	Version 7.1.0
Apple Safari	Version 7.1.1
Apple Safari	Version 7.1.2
Apple Safari	Version 7.1.3
Apple Safari	Version 7.1.4
Apple Safari	Version 7.1.5
Apple Safari	Version 7.1.6
Apple Safari	Version 8.0.1
Apple Safari	Version 8.0.2
Apple Safari	Version 8.0.3
Apple Safari	Version 8.0.4
Apple Safari	Version 8.0.5
Apple Safari	Version 8.0.6
Apple Safari	Version 8.0

Related CWEs

References (16)

http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html

Source: product-security@apple.com

Vendor Advisory

http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html

Source: product-security@apple.com

Vendor Advisory

http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html

Source: product-security@apple.com

http://support.apple.com/kb/HT204941

Source: product-security@apple.com

Vendor Advisory

http://support.apple.com/kb/HT204950

Source: product-security@apple.com

Vendor Advisory

http://www.securityfocus.com/bid/75492

Source: product-security@apple.com

http://www.securitytracker.com/id/1032754

Source: product-security@apple.com

http://www.ubuntu.com/usn/USN-2937-1

Source: product-security@apple.com

http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT204941

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://support.apple.com/kb/HT204950

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/75492

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1032754

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2937-1

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.