CVE-2015-1120

WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html	Vendor Advisory
http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html	Vendor Advisory
http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html	Vendor Advisory
http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html
http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html
http://www.securityfocus.com/bid/73972
http://www.securitytracker.com/id/1032047
http://www.ubuntu.com/usn/USN-2937-1
https://support.apple.com/HT204658	Vendor Advisory
https://support.apple.com/HT204661	Vendor Advisory
https://support.apple.com/HT204662	Vendor Advisory
https://support.apple.com/kb/HT204949
http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html	Vendor Advisory
http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html	Vendor Advisory
http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html	Vendor Advisory
http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html
http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html
http://www.securityfocus.com/bid/73972
http://www.securitytracker.com/id/1032047
http://www.ubuntu.com/usn/USN-2937-1
https://support.apple.com/HT204658	Vendor Advisory
https://support.apple.com/HT204661	Vendor Advisory
https://support.apple.com/HT204662	Vendor Advisory
https://support.apple.com/kb/HT204949

Configurations

Configuration 1 (hide)

cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:a:apple:safari:7.0:::::::*
	cpe:2.3:a:apple:safari:7.0.1:::::::*
	cpe:2.3:a:apple:safari:7.0.2:::::::*
	cpe:2.3:a:apple:safari:7.0.3:::::::*
	cpe:2.3:a:apple:safari:7.0.4:::::::*
	cpe:2.3:a:apple:safari:7.0.5:::::::*
	cpe:2.3:a:apple:safari:7.0.6:::::::*
	cpe:2.3:a:apple:safari:7.1.0:::::::*
	cpe:2.3:a:apple:safari:7.1.1:::::::*
	cpe:2.3:a:apple:safari:7.1.2:::::::*
	cpe:2.3:a:apple:safari:7.1.3:::::::*
	cpe:2.3:a:apple:safari:7.1.4:::::::*
	cpe:2.3:a:apple:safari:8.0.0:::::::*
	cpe:2.3:a:apple:safari:8.0.1:::::::*
	cpe:2.3:a:apple:safari:8.0.2:::::::*
	cpe:2.3:a:apple:safari:8.0.3:::::::*
	cpe:2.3:a:apple:safari:8.0.4:::::::*

History

21 Nov 2024, 02:24

Type	Values Removed	Values Added
References	~~() http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html - Vendor Advisory~~	() http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html - Vendor Advisory
References	~~() http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html - Vendor Advisory~~	() http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html - Vendor Advisory
References	~~() http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html - Vendor Advisory~~	() http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html - Vendor Advisory
References	~~() http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html -~~	() http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html -
References	~~() http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html -~~	() http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html -
References	~~() http://www.securityfocus.com/bid/73972 -~~	() http://www.securityfocus.com/bid/73972 -
References	~~() http://www.securitytracker.com/id/1032047 -~~	() http://www.securitytracker.com/id/1032047 -
References	~~() http://www.ubuntu.com/usn/USN-2937-1 -~~	() http://www.ubuntu.com/usn/USN-2937-1 -
References	~~() https://support.apple.com/HT204658 - Vendor Advisory~~	() https://support.apple.com/HT204658 - Vendor Advisory
References	~~() https://support.apple.com/HT204661 - Vendor Advisory~~	() https://support.apple.com/HT204661 - Vendor Advisory
References	~~() https://support.apple.com/HT204662 - Vendor Advisory~~	() https://support.apple.com/HT204662 - Vendor Advisory
References	~~() https://support.apple.com/kb/HT204949 -~~	() https://support.apple.com/kb/HT204949 -

Information

Published : 2015-04-10 14:59

Updated : 2025-04-12 10:46

NVD link : CVE-2015-1120

Mitre link : CVE-2015-1120

CVE.ORG link : CVE-2015-1120

JSON object : View

Products Affected

apple

iphone_os
safari
itunes
tvos

CWE

NVD-CWE-noinfo

{"id": "CVE-2015-1120", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-04-10T14:59:34.387", "references": [{"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html", "source": "product-security@apple.com"}, {"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html", "source": "product-security@apple.com"}, {"url": "http://www.securityfocus.com/bid/73972", "source": "product-security@apple.com"}, {"url": "http://www.securitytracker.com/id/1032047", "source": "product-security@apple.com"}, {"url": "http://www.ubuntu.com/usn/USN-2937-1", "source": "product-security@apple.com"}, {"url": "https://support.apple.com/HT204658", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/HT204661", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/HT204662", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/kb/HT204949", "source": "product-security@apple.com"}, {"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/73972", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1032047", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-2937-1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/HT204658", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/HT204661", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/HT204662", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/kb/HT204949", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4."}, {"lang": "es", "value": "WebKit, utilizado en Apple iOS anterior a 8.3, Apple TV anterior a 7.2, y Apple Safari anterior a 6.2.5, 7.x anterior a 7.1.5, y 8.x anterior a 8.0.5, permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un sitio web manipulado, una vulnerabilidad diferente a otros CVEs de WebKit listados en APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, y APPLE-SA-2015-04-08-4."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49ED968C-DBBD-451F-8B03-E7314A8EE7A2", "versionEndIncluding": "12.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0340315-35F7-4736-854B-852916D00673", "versionEndIncluding": "8.2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B98C1F4A-0A10-42CF-ABD5-A2248D55C7F0", "versionEndIncluding": "7.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E082F5D0-4261-4D84-8E4C-9D425028BFDA", "versionEndIncluding": "6.2.4"}, {"criteria": "cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88D46FE5-10D2-44A0-ACAE-CEED8BD0C30C"}, {"criteria": "cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "391B4255-4434-4EB3-929B-3E593D9CD249"}, {"criteria": "cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40B87D10-55B3-42E7-8FF6-93EDF003337D"}, {"criteria": "cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D4EBCD8-9DD5-468E-8B5B-49E38FEBCEC2"}, {"criteria": "cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B8C7AEC-F54A-4843-A0EA-C7DD847BEF5B"}, {"criteria": "cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49457917-495E-4D17-A0AB-D2A163D4721D"}, {"criteria": "cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CCADCE6-92F3-4A30-AA29-4E3394C1A3CF"}, {"criteria": "cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E74D3F4B-111E-4F51-ACB4-6725C4BF8DB6"}, {"criteria": "cpe:2.3:a:apple:safari:7.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "223B13DA-9328-46C2-8426-3182D55E6669"}, {"criteria": "cpe:2.3:a:apple:safari:7.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD636DF3-E590-4603-9D18-CC2375A97750"}, {"criteria": "cpe:2.3:a:apple:safari:7.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0F8336F-D0F8-4337-9DF6-51B60F8A2E9B"}, {"criteria": "cpe:2.3:a:apple:safari:7.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79C2EF49-A9F0-4612-903A-A3A95805277E"}, {"criteria": "cpe:2.3:a:apple:safari:8.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "845A67F0-7BE6-482C-AE49-D8E9B272BA6C"}, {"criteria": "cpe:2.3:a:apple:safari:8.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB1C61F7-BAF4-4061-8B1A-D7F8D597F2D5"}, {"criteria": "cpe:2.3:a:apple:safari:8.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A5C7D83-EA9E-4E26-910D-8471252723EF"}, {"criteria": "cpe:2.3:a:apple:safari:8.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE29EE2D-9EA8-4486-BC3F-B0CCF9C396F6"}, {"criteria": "cpe:2.3:a:apple:safari:8.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FDB5E2A-F3BD-4500-922E-A191C45DE93C"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}

6.8 /10