Details of VAR-201509-0115

ID

VAR-201509-0115

CVE

CVE-2015-5815

TITLE

Apple iTunes Used in etc. WebKit Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2015-004792

DESCRIPTION

WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3. Apple iTunes Used in etc. Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. Versions prior to iTunes 12.3 are vulnerable. Apple iTunes is a set of media player applications of Apple (Apple), which is mainly used for playing and managing digital music and video files. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome

Trust: 1.98

sources: NVD: CVE-2015-5815 // JVNDB: JVNDB-2015-004792 // BID: 76765 // VULHUB: VHN-83776

AFFECTED PRODUCTS

vendor:	apple	model:	itunes	scope:	lte	version:	12.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	lte	version:	8.0.8	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lt	version:	12.3 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	9 (os x el capitan v10.11)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	9 (os x mavericks v10.9.5)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	9 (os x yosemite v10.10.5)	Trust: 0.8
vendor:	apple	model:	itunes	scope:	eq	version:	12.2	Trust: 0.6
vendor:	apple	model:	safari	scope:	eq	version:	8.0.8	Trust: 0.6
vendor:	esignal	model:	esignal	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.1.8	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.8	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.7.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.7	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.6	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.2.72	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.0.2.20	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.6	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.2.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10	Trust: 0.3

sources: BID: 76765 // JVNDB: JVNDB-2015-004792 // CNNVD: CNNVD-201509-261 // NVD: CVE-2015-5815

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-5815
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-5815
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201509-261
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-83776
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-5815
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-83776
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-83776 // JVNDB: JVNDB-2015-004792 // CNNVD: CNNVD-201509-261 // NVD: CVE-2015-5815

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-83776 // JVNDB: JVNDB-2015-004792 // NVD: CVE-2015-5815

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-261

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201509-261

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004792

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-09-16-3 iTunes 12.3	url:	http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html	Trust: 0.8
title:	APPLE-SA-2015-09-30-2 Safari 9	url:	http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html	Trust: 0.8
title:	HT205221	url:	https://support.apple.com/en-us/HT205221	Trust: 0.8
title:	HT205265	url:	https://support.apple.com/en-us/HT205265	Trust: 0.8
title:	HT205265	url:	http://support.apple.com/ja-jp/HT205265	Trust: 0.8
title:	HT205221	url:	http://support.apple.com/ja-jp/HT205221	Trust: 0.8

sources: JVNDB: JVNDB-2015-004792

EXTERNAL IDS

db:	NVD	id:	CVE-2015-5815	Trust: 2.8
db:	BID	id:	76765	Trust: 2.0
db:	SECTRACK	id:	1033617	Trust: 1.1
db:	JVN	id:	JVNVU97220341	Trust: 0.8
db:	JVN	id:	JVNVU99970459	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-004792	Trust: 0.8
db:	CNNVD	id:	CNNVD-201509-261	Trust: 0.7
db:	VULHUB	id:	VHN-83776	Trust: 0.1

sources: VULHUB: VHN-83776 // BID: 76765 // JVNDB: JVNDB-2015-004792 // CNNVD: CNNVD-201509-261 // NVD: CVE-2015-5815

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/sep/msg00003.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/76765	Trust: 1.7
url:	https://support.apple.com/ht205221	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2015/sep/msg00007.html	Trust: 1.1
url:	https://support.apple.com/ht205265	Trust: 1.1
url:	http://www.securitytracker.com/id/1033617	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5815	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu99970459/index.html	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97220341/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5815	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/itunes/	Trust: 0.3
url:	http://webkitgtk.org/security/wsa-2015-0002.html	Trust: 0.3

sources: VULHUB: VHN-83776 // BID: 76765 // JVNDB: JVNDB-2015-004792 // CNNVD: CNNVD-201509-261 // NVD: CVE-2015-5815

CREDITS

Joe Vennix and Apple.

Trust: 0.9

sources: BID: 76765 // CNNVD: CNNVD-201509-261

SOURCES

db:	VULHUB	id:	VHN-83776
db:	BID	id:	76765
db:	JVNDB	id:	JVNDB-2015-004792
db:	CNNVD	id:	CNNVD-201509-261
db:	NVD	id:	CVE-2015-5815

LAST UPDATE DATE

2025-04-13T22:24:04.679000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-83776	date:	2016-12-22T00:00:00
db:	BID	id:	76765	date:	2016-02-02T19:47:00
db:	JVNDB	id:	JVNDB-2015-004792	date:	2015-10-05T00:00:00
db:	CNNVD	id:	CNNVD-201509-261	date:	2015-09-24T00:00:00
db:	NVD	id:	CVE-2015-5815	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-83776	date:	2015-09-18T00:00:00
db:	BID	id:	76765	date:	2015-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2015-004792	date:	2015-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201509-261	date:	2015-09-18T00:00:00
db:	NVD	id:	CVE-2015-5815	date:	2015-09-18T10:59:34.393