Details of VAR-201509-0085

ID

VAR-201509-0085

CVE

CVE-2015-5856

TITLE

Apple iOS of Application Store Denial of service for enterprise-signed applications in components (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-004813

DESCRIPTION

The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlSkillfully crafted by a third party ITMS URL Service disruption to enterprise-signed applications via (DoS) There is a possibility of being put into a state. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial-of-service condition, perform unauthorized actions and gain system privileges; this may aid in launching further attacks. Versions prior to iOS 9 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Application Store is one of the application store components

Trust: 1.98

sources: NVD: CVE-2015-5856 // JVNDB: JVNDB-2015-004813 // BID: 76764 // VULHUB: VHN-83817

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	8.4.1	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	9 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	8.4.1	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3

sources: BID: 76764 // JVNDB: JVNDB-2015-004813 // CNNVD: CNNVD-201509-336 // NVD: CVE-2015-5856

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-5856
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-5856
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201509-336
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-83817
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-5856
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-83817
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-83817 // JVNDB: JVNDB-2015-004813 // CNNVD: CNNVD-201509-336 // NVD: CVE-2015-5856

PROBLEMTYPE DATA

problemtype:	CWE-254	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-83817 // JVNDB: JVNDB-2015-004813 // NVD: CVE-2015-5856

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-336

TYPE

Unknown

Trust: 0.3

sources: BID: 76764

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004813

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-09-16-1 iOS 9	url:	http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html	Trust: 0.8
title:	HT205212	url:	https://support.apple.com/en-us/HT205212	Trust: 0.8
title:	HT205212	url:	http://support.apple.com/ja-jp/HT205212	Trust: 0.8

sources: JVNDB: JVNDB-2015-004813

EXTERNAL IDS

db:	NVD	id:	CVE-2015-5856	Trust: 2.8
db:	BID	id:	76764	Trust: 1.4
db:	SECTRACK	id:	1033609	Trust: 1.1
db:	JVN	id:	JVNVU99970459	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-004813	Trust: 0.8
db:	CNNVD	id:	CNNVD-201509-336	Trust: 0.7
db:	VULHUB	id:	VHN-83817	Trust: 0.1

sources: VULHUB: VHN-83817 // BID: 76764 // JVNDB: JVNDB-2015-004813 // CNNVD: CNNVD-201509-336 // NVD: CVE-2015-5856

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/sep/msg00001.html	Trust: 1.7
url:	https://support.apple.com/ht205212	Trust: 1.7
url:	http://www.securityfocus.com/bid/76764	Trust: 1.1
url:	http://www.securitytracker.com/id/1033609	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5856	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu99970459/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5856	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3

sources: VULHUB: VHN-83817 // BID: 76764 // JVNDB: JVNDB-2015-004813 // CNNVD: CNNVD-201509-336 // NVD: CVE-2015-5856

CREDITS

Xiaofeng Zheng, Tsinghua University, Sam Greenhalgh, Andreas Kurtz, Erling Ellingsen, Amit Klein, Timothy J. Wood, Jin Han, Su Mon Kywe, Qiang Yan, Robert Deng, Debin Gao, Yingjiu Li, Feng Bao and Jianying Zhou, 1x7e1, beist of grayhash, Filippo Bigarella,

Trust: 0.3

sources: BID: 76764

SOURCES

db:	VULHUB	id:	VHN-83817
db:	BID	id:	76764
db:	JVNDB	id:	JVNDB-2015-004813
db:	CNNVD	id:	CNNVD-201509-336
db:	NVD	id:	CVE-2015-5856

LAST UPDATE DATE

2025-04-13T22:18:37.462000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-83817	date:	2016-12-22T00:00:00
db:	BID	id:	76764	date:	2015-11-03T19:44:00
db:	JVNDB	id:	JVNDB-2015-004813	date:	2015-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201509-336	date:	2015-09-21T00:00:00
db:	NVD	id:	CVE-2015-5856	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-83817	date:	2015-09-18T00:00:00
db:	BID	id:	76764	date:	2015-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2015-004813	date:	2015-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201509-336	date:	2015-09-21T00:00:00
db:	NVD	id:	CVE-2015-5856	date:	2015-09-18T11:00:06.047