Details of VAR-201509-0119

ID

VAR-201509-0119

CVE

CVE-2015-5819

TITLE

Apple iOS and iTunes Used in etc. WebKit Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2015-004785

DESCRIPTION

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. Apple iOS and iTunes Used in etc. WebKit is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code with system privileges, conduct phishing attacks, and perform unauthorized actions; this may aid in launching further attacks. Apple iOS is an operating system developed for mobile devices; iTunes is a set of media player applications. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in WebKit used in Apple iOS 8.4.1 and earlier and iTunes 12.2 and earlier

Trust: 2.07

sources: NVD: CVE-2015-5819 // JVNDB: JVNDB-2015-004785 // BID: 76766 // VULHUB: VHN-83780 // VULMON: CVE-2015-5819

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	8.4.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lte	version:	12.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	lte	version:	8.0.8	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	9 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	itunes	scope:	lt	version:	12.3 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	9 (os x el capitan v10.11)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	9 (os x mavericks v10.9.5)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	9 (os x yosemite v10.10.5)	Trust: 0.8
vendor:	apple	model:	itunes	scope:	eq	version:	12.2	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	8.4.1	Trust: 0.6
vendor:	apple	model:	safari	scope:	eq	version:	8.0.8	Trust: 0.6
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3

sources: BID: 76766 // JVNDB: JVNDB-2015-004785 // CNNVD: CNNVD-201509-307 // NVD: CVE-2015-5819

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-5819
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-5819
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201509-307
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-83780
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2015-5819
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-5819
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-83780
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-83780 // VULMON: CVE-2015-5819 // JVNDB: JVNDB-2015-004785 // CNNVD: CNNVD-201509-307 // NVD: CVE-2015-5819

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-83780 // JVNDB: JVNDB-2015-004785 // NVD: CVE-2015-5819

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-307

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201509-307

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004785

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-09-16-3 iTunes 12.3	url:	http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html	Trust: 0.8
title:	APPLE-SA-2015-09-30-2 Safari 9	url:	http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html	Trust: 0.8
title:	APPLE-SA-2015-09-16-1 iOS 9	url:	http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html	Trust: 0.8
title:	HT205265	url:	https://support.apple.com/en-us/HT205265	Trust: 0.8
title:	HT205212	url:	https://support.apple.com/en-us/HT205212	Trust: 0.8
title:	HT205221	url:	https://support.apple.com/en-us/HT205221	Trust: 0.8
title:	HT205265	url:	http://support.apple.com/ja-jp/HT205265	Trust: 0.8
title:	HT205212	url:	http://support.apple.com/ja-jp/HT205212	Trust: 0.8
title:	HT205221	url:	http://support.apple.com/ja-jp/HT205221	Trust: 0.8
title:	iTunes6464Setup	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57671	Trust: 0.6
title:	iPhone7,1_9.0_13A344_Restore	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57670	Trust: 0.6
title:	Apple: Safari 9	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=002c8d05fda67ef0c7d9c3fdcde98c96	Trust: 0.1

sources: VULMON: CVE-2015-5819 // JVNDB: JVNDB-2015-004785 // CNNVD: CNNVD-201509-307

EXTERNAL IDS

db:	NVD	id:	CVE-2015-5819	Trust: 2.9
db:	BID	id:	76766	Trust: 1.5
db:	SECTRACK	id:	1033609	Trust: 1.2
db:	JVN	id:	JVNVU97220341	Trust: 0.8
db:	JVN	id:	JVNVU99970459	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-004785	Trust: 0.8
db:	CNNVD	id:	CNNVD-201509-307	Trust: 0.7
db:	VULHUB	id:	VHN-83780	Trust: 0.1
db:	VULMON	id:	CVE-2015-5819	Trust: 0.1

sources: VULHUB: VHN-83780 // VULMON: CVE-2015-5819 // BID: 76766 // JVNDB: JVNDB-2015-004785 // CNNVD: CNNVD-201509-307 // NVD: CVE-2015-5819

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/sep/msg00001.html	Trust: 1.8
url:	http://lists.apple.com/archives/security-announce/2015/sep/msg00003.html	Trust: 1.8
url:	https://support.apple.com/ht205212	Trust: 1.8
url:	https://support.apple.com/ht205221	Trust: 1.8
url:	http://lists.apple.com/archives/security-announce/2015/sep/msg00007.html	Trust: 1.2
url:	http://www.securityfocus.com/bid/76766	Trust: 1.2
url:	https://support.apple.com/ht205265	Trust: 1.2
url:	http://www.securitytracker.com/id/1033609	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5819	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu99970459/index.html	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97220341/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5819	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.rapid7.com/db/vulnerabilities/suse-cve-2015-5825	Trust: 0.1
url:	https://support.apple.com/kb/ht205265	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=41306	Trust: 0.1

sources: VULHUB: VHN-83780 // VULMON: CVE-2015-5819 // BID: 76766 // JVNDB: JVNDB-2015-004785 // CNNVD: CNNVD-201509-307 // NVD: CVE-2015-5819

CREDITS

Gildas, Apple, Andrei Neculaesei, Guillaume Ross, Louis Romero of Google Inc., Yaoqi Jia of National University of Singapore (NUS), filedescriptor, Chris Evans, Yossi Oren et al. of Columbia University's Network Security Lab, Mickey Shkatov of the Intel(r)

Trust: 0.3

sources: BID: 76766

SOURCES

db:	VULHUB	id:	VHN-83780
db:	VULMON	id:	CVE-2015-5819
db:	BID	id:	76766
db:	JVNDB	id:	JVNDB-2015-004785
db:	CNNVD	id:	CNNVD-201509-307
db:	NVD	id:	CVE-2015-5819

LAST UPDATE DATE

2025-04-13T21:13:31.694000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-83780	date:	2016-12-22T00:00:00
db:	VULMON	id:	CVE-2015-5819	date:	2016-12-22T00:00:00
db:	BID	id:	76766	date:	2016-02-02T20:04:00
db:	JVNDB	id:	JVNDB-2015-004785	date:	2015-10-30T00:00:00
db:	CNNVD	id:	CNNVD-201509-307	date:	2015-09-21T00:00:00
db:	NVD	id:	CVE-2015-5819	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-83780	date:	2015-09-18T00:00:00
db:	VULMON	id:	CVE-2015-5819	date:	2015-09-18T00:00:00
db:	BID	id:	76766	date:	2015-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2015-004785	date:	2015-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201509-307	date:	2015-09-21T00:00:00
db:	NVD	id:	CVE-2015-5819	date:	2015-09-18T10:59:38.410