Sign-up

ID

VAR-201509-0044


CVE

CVE-2015-5905


TITLE

Apple iOS of Safari In URL When Web Vulnerability impersonating content

Trust: 0.8

sources: JVNDB: JVNDB-2015-004824

DESCRIPTION

Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted window opener on a web site. Supplementary information : CWE Vulnerability types by CWE-254: Security Features ( Security features ) Has been identified. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial-of-service condition, perform unauthorized actions and gain system privileges; this may aid in launching further attacks. Versions prior to iOS 9 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Safari is one of the web browser components

Trust: 1.98

sources: NVD: CVE-2015-5905 // JVNDB: JVNDB-2015-004824 // BID: 76764 // VULHUB: VHN-83866

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:lteversion:8.4.1

Trust: 1.0

vendor:applemodel:iosscope:ltversion:9 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (iphone 4s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9 (ipod touch no. 5 after generation )

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:8.4.1

Trust: 0.6

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

sources: BID: 76764 // JVNDB: JVNDB-2015-004824 // CNNVD: CNNVD-201509-359 // NVD: CVE-2015-5905

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5905
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-5905
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201509-359
value: MEDIUM

Trust: 0.6

VULHUB: VHN-83866
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-5905
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-83866
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83866 // JVNDB: JVNDB-2015-004824 // CNNVD: CNNVD-201509-359 // NVD: CVE-2015-5905

PROBLEMTYPE DATA

problemtype:CWE-254

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-83866 // JVNDB: JVNDB-2015-004824 // NVD: CVE-2015-5905

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-359

TYPE

Unknown

Trust: 0.3

sources: BID: 76764

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004824

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:APPLE-SA-2015-09-16-1 iOS 9url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
Trust: 0.8
title:HT205212url:https://support.apple.com/en-us/HT205212
Trust: 0.8
title:HT205212url:http://support.apple.com/ja-jp/HT205212
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-004824

EXTERNAL IDS
db:NVDid:CVE-2015-5905
Trust: 2.8
db:BIDid:76764
Trust: 1.4
db:SECTRACKid:1033609
Trust: 1.1
db:JVNid:JVNVU99970459
Trust: 0.8
db:JVNDBid:JVNDB-2015-004824
Trust: 0.8
db:CNNVDid:CNNVD-201509-359
Trust: 0.7
db:VULHUBid:VHN-83866
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83866 // 
            
            
            
            BID: 76764 // 
            
            
            
            JVNDB: JVNDB-2015-004824 // 
            
            
            
            CNNVD: CNNVD-201509-359 // 
            
            
            
            NVD: CVE-2015-5905

REFERENCES
url:http://lists.apple.com/archives/security-announce/2015/sep/msg00001.html
Trust: 1.7
url:https://support.apple.com/ht205212
Trust: 1.7
url:http://www.securityfocus.com/bid/76764
Trust: 1.1
url:http://www.securitytracker.com/id/1033609
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5905
Trust: 0.8
url:http://jvn.jp/vu/jvnvu99970459/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5905
Trust: 0.8
url:http://www.apple.com/ios/
Trust: 0.3
url:http://www.apple.com/ipad/
Trust: 0.3
url:http://www.apple.com/iphone/
Trust: 0.3
url:http://www.apple.com/ipodtouch/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-83866 // 
            
            
            
            BID: 76764 // 
            
            
            
            JVNDB: JVNDB-2015-004824 // 
            
            
            
            CNNVD: CNNVD-201509-359 // 
            
            
            
            NVD: CVE-2015-5905

CREDITS
Xiaofeng Zheng, Tsinghua University, Sam Greenhalgh, Andreas Kurtz, Erling Ellingsen, Amit Klein, Timothy J. Wood, Jin Han, Su Mon Kywe, Qiang Yan, Robert Deng, Debin Gao, Yingjiu Li, Feng Bao and Jianying Zhou, 1x7e1, beist of grayhash, Filippo Bigarella,
Trust: 0.3
sources:
            
            
            BID: 76764

SOURCES
db:VULHUBid:VHN-83866
db:BIDid:76764
db:JVNDBid:JVNDB-2015-004824
db:CNNVDid:CNNVD-201509-359
db:NVDid:CVE-2015-5905

LAST UPDATE DATE
2025-04-13T22:09:45.623000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-83866date:2016-12-22T00:00:00
db:BIDid:76764date:2015-11-03T19:44:00
db:JVNDBid:JVNDB-2015-004824date:2015-09-25T00:00:00
db:CNNVDid:CNNVD-201509-359date:2015-09-21T00:00:00
db:NVDid:CVE-2015-5905date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-83866date:2015-09-18T00:00:00
db:BIDid:76764date:2015-09-16T00:00:00
db:JVNDBid:JVNDB-2015-004824date:2015-09-25T00:00:00
db:CNNVDid:CNNVD-201509-359date:2015-09-21T00:00:00
db:NVDid:CVE-2015-5905date:2015-09-18T12:00:44.353