CVE-2015-1126

Published: 10/04/2015 Updated: 11/09/2015
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 470
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

WebKit, as used in Apple iOS prior to 8.3 and Apple Safari prior to 6.2.5, 7.x prior to 7.1.5, and 8.x prior to 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote malicious users to trigger incorrect resource access via unspecified vectors.

Vulnerable Product

apple iphone os

apple safari 8.0.0

apple safari 8.0.1

apple safari 8.0.2

apple safari 8.0.3

apple safari 7.0.3

apple safari 7.0.4

apple safari 7.0.5

apple safari 7.0.6

apple safari 7.1.0

apple safari

apple safari 7.0.1

apple safari 7.1.1

apple safari 7.1.3

apple safari 7.0

apple safari 7.0.2

apple safari 7.1.2

apple safari 7.1.4

apple safari 8.0.4

Recent Articles

Apple splats Safari flaw affecting a BEELLION iThings
The Register • Darren Pauli • 15 Apr 2015

FTP bug sends doc hunters on nasty detours

Jouko Pynnönen, a security chap with Finnish firm Klikki Oy, has found a since-patched bug he says could affect a billion Apple iDevices. Pynnönen says the cross-domain vulnerability in Safari's file transfer URL schemes allows attackers to modify website HTTP cookies and have documents loaded from malicious sites. "An attacker could create web content which, when viewed by a target user, bypasses some of the normal cross-domain restrictions to access or modify HTTP cookies belonging to any web...