Details of VAR-201509-0127

ID

VAR-201509-0127

CVE

CVE-2015-5827

TITLE

Apple iOS Used in etc. WebKit Vulnerabilities that bypass the same origin policy

Trust: 0.8

sources: JVNDB: JVNDB-2015-004805

DESCRIPTION

WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event. Apple iOS Used in etc. WebKit is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code with system privileges, conduct phishing attacks, and perform unauthorized actions; this may aid in launching further attacks. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in Apple iOS 8.4.1 and earlier versions of WebKit

Trust: 2.07

sources: NVD: CVE-2015-5827 // JVNDB: JVNDB-2015-004805 // BID: 76766 // VULHUB: VHN-83788 // VULMON: CVE-2015-5827

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	8.4.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	lte	version:	8.0.8	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	9 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	9 (os x el capitan v10.11)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	9 (os x mavericks v10.9.5)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	9 (os x yosemite v10.10.5)	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	8.4.1	Trust: 0.6
vendor:	apple	model:	safari	scope:	eq	version:	8.0.8	Trust: 0.6
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3

sources: BID: 76766 // JVNDB: JVNDB-2015-004805 // CNNVD: CNNVD-201509-315 // NVD: CVE-2015-5827

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-5827
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-5827
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201509-315
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-83788
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2015-5827
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-5827
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-83788
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-83788 // VULMON: CVE-2015-5827 // JVNDB: JVNDB-2015-004805 // CNNVD: CNNVD-201509-315 // NVD: CVE-2015-5827

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-83788 // JVNDB: JVNDB-2015-004805 // NVD: CVE-2015-5827

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-315

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201509-315

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004805

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-09-16-1 iOS 9	url:	http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html	Trust: 0.8
title:	APPLE-SA-2015-09-30-2 Safari 9	url:	http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html	Trust: 0.8
title:	HT205212	url:	https://support.apple.com/en-us/HT205212	Trust: 0.8
title:	HT205265	url:	https://support.apple.com/en-us/HT205265	Trust: 0.8
title:	HT205265	url:	http://support.apple.com/ja-jp/HT205265	Trust: 0.8
title:	HT205212	url:	http://support.apple.com/ja-jp/HT205212	Trust: 0.8
title:	Apple: Safari 9	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=002c8d05fda67ef0c7d9c3fdcde98c96	Trust: 0.1

sources: VULMON: CVE-2015-5827 // JVNDB: JVNDB-2015-004805

EXTERNAL IDS

db:	NVD	id:	CVE-2015-5827	Trust: 2.9
db:	BID	id:	76766	Trust: 1.5
db:	SECTRACK	id:	1033609	Trust: 1.2
db:	JVN	id:	JVNVU97220341	Trust: 0.8
db:	JVN	id:	JVNVU99970459	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-004805	Trust: 0.8
db:	CNNVD	id:	CNNVD-201509-315	Trust: 0.7
db:	VULHUB	id:	VHN-83788	Trust: 0.1
db:	VULMON	id:	CVE-2015-5827	Trust: 0.1

sources: VULHUB: VHN-83788 // VULMON: CVE-2015-5827 // BID: 76766 // JVNDB: JVNDB-2015-004805 // CNNVD: CNNVD-201509-315 // NVD: CVE-2015-5827

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/sep/msg00001.html	Trust: 1.8
url:	https://support.apple.com/ht205212	Trust: 1.8
url:	http://www.securityfocus.com/bid/76766	Trust: 1.3
url:	http://lists.apple.com/archives/security-announce/2015/sep/msg00007.html	Trust: 1.2
url:	https://support.apple.com/ht205265	Trust: 1.2
url:	http://www.securitytracker.com/id/1033609	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5827	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu99970459/index.html	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97220341/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5827	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/kb/ht205265	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=41306	Trust: 0.1

sources: VULHUB: VHN-83788 // VULMON: CVE-2015-5827 // BID: 76766 // JVNDB: JVNDB-2015-004805 // CNNVD: CNNVD-201509-315 // NVD: CVE-2015-5827

CREDITS

Gildas, Apple, Andrei Neculaesei, Guillaume Ross, Louis Romero of Google Inc., Yaoqi Jia of National University of Singapore (NUS), filedescriptor, Chris Evans, Yossi Oren et al. of Columbia University's Network Security Lab, Mickey Shkatov of the Intel(r)

Trust: 0.3

sources: BID: 76766

SOURCES

db:	VULHUB	id:	VHN-83788
db:	VULMON	id:	CVE-2015-5827
db:	BID	id:	76766
db:	JVNDB	id:	JVNDB-2015-004805
db:	CNNVD	id:	CNNVD-201509-315
db:	NVD	id:	CVE-2015-5827

LAST UPDATE DATE

2025-04-13T21:18:09.854000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-83788	date:	2016-12-22T00:00:00
db:	VULMON	id:	CVE-2015-5827	date:	2016-12-22T00:00:00
db:	BID	id:	76766	date:	2016-02-02T20:04:00
db:	JVNDB	id:	JVNDB-2015-004805	date:	2015-10-05T00:00:00
db:	CNNVD	id:	CNNVD-201509-315	date:	2015-09-22T00:00:00
db:	NVD	id:	CVE-2015-5827	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-83788	date:	2015-09-18T00:00:00
db:	VULMON	id:	CVE-2015-5827	date:	2015-09-18T00:00:00
db:	BID	id:	76766	date:	2015-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2015-004805	date:	2015-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201509-315	date:	2015-09-22T00:00:00
db:	NVD	id:	CVE-2015-5827	date:	2015-09-18T10:59:46.517