Sign-up

ID

VAR-201510-0080


CVE

CVE-2015-5915


TITLE

Apple OS X Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2015-005165

DESCRIPTION

Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. http://cwe.mitre.org/data/definitions/17.htmlIt may be subject to unspecified effects and attacks. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. An attacker could exploit this vulnerability to incorrectly display the keychain's locked state to the user

Trust: 2.07

sources: NVD: CVE-2015-5915 // JVNDB: JVNDB-2015-005165 // BID: 76908 // VULHUB: VHN-83876 // VULMON: CVE-2015-5915

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:lteversion:10.10.5

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.6.8 thats all 10.11

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.10.5

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.7.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.1

Trust: 0.3

sources: BID: 76908 // JVNDB: JVNDB-2015-005165 // CNNVD: CNNVD-201510-116 // NVD: CVE-2015-5915

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5915
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-5915
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201510-116
value: MEDIUM

Trust: 0.6

VULHUB: VHN-83876
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-5915
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-5915
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-83876
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83876 // VULMON: CVE-2015-5915 // JVNDB: JVNDB-2015-005165 // CNNVD: CNNVD-201510-116 // NVD: CVE-2015-5915

PROBLEMTYPE DATA

problemtype:CWE-17

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-83876 // JVNDB: JVNDB-2015-005165 // NVD: CVE-2015-5915

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-116

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201510-116

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-005165

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:APPLE-SA-2015-09-30-3 OS X El Capitan 10.11url:http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
Trust: 0.8
title:HT205267url:https://support.apple.com/en-us/HT205267
Trust: 0.8
title:HT205267url:http://support.apple.com/ja-jp/HT205267
Trust: 0.8
title:Apple OS X Fixes for code injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57969
Trust: 0.6
title:Apple: OS X El Capitan v10.11url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e88bab658248444f5dffc23fd95859e7
Trust: 0.1
sources:
            
            
            VULMON: CVE-2015-5915 // 
            
            
            
            JVNDB: JVNDB-2015-005165 // 
            
            
            
            CNNVD: CNNVD-201510-116

EXTERNAL IDS
db:NVDid:CVE-2015-5915
Trust: 2.9
db:BIDid:76908
Trust: 1.5
db:SECTRACKid:1033703
Trust: 1.2
db:JVNid:JVNVU97220341
Trust: 0.8
db:JVNDBid:JVNDB-2015-005165
Trust: 0.8
db:CNNVDid:CNNVD-201510-116
Trust: 0.7
db:VULHUBid:VHN-83876
Trust: 0.1
db:VULMONid:CVE-2015-5915
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83876 // 
            
            
            
            VULMON: CVE-2015-5915 // 
            
            
            
            BID: 76908 // 
            
            
            
            JVNDB: JVNDB-2015-005165 // 
            
            
            
            CNNVD: CNNVD-201510-116 // 
            
            
            
            NVD: CVE-2015-5915

REFERENCES
url:http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html
Trust: 1.8
url:https://support.apple.com/ht205267
Trust: 1.8
url:http://www.securityfocus.com/bid/76908
Trust: 1.3
url:http://www.securitytracker.com/id/1033703
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5915
Trust: 0.8
url:http://jvn.jp/vu/jvnvu97220341/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5915
Trust: 0.8
url:https://www.apple.com/
Trust: 0.3
url:http://www.apple.com/macosx/
Trust: 0.3
url:https://support.apple.com/en-in/ht205267
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/17.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://support.apple.com/kb/ht205267
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=41307
Trust: 0.1
sources:
            
            
            VULHUB: VHN-83876 // 
            
            
            
            VULMON: CVE-2015-5915 // 
            
            
            
            BID: 76908 // 
            
            
            
            JVNDB: JVNDB-2015-005165 // 
            
            
            
            CNNVD: CNNVD-201510-116 // 
            
            
            
            NVD: CVE-2015-5915

CREDITS
Sergi Alvarez (pancake) of NowSecure Research Team, Carlos Moreira, Rainer Dorau of rainer dorau informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni Vaahtera, and an anonymous researcher, Maksymilian Arciemowicz of cxsecurity.com, John McCombs of
Trust: 0.3
sources:
            
            
            BID: 76908

SOURCES
db:VULHUBid:VHN-83876
db:VULMONid:CVE-2015-5915
db:BIDid:76908
db:JVNDBid:JVNDB-2015-005165
db:CNNVDid:CNNVD-201510-116
db:NVDid:CVE-2015-5915

LAST UPDATE DATE
2025-04-13T20:55:00.983000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-83876date:2016-12-08T00:00:00
db:VULMONid:CVE-2015-5915date:2016-12-08T00:00:00
db:BIDid:76908date:2015-12-08T22:02:00
db:JVNDBid:JVNDB-2015-005165date:2015-10-13T00:00:00
db:CNNVDid:CNNVD-201510-116date:2015-10-10T00:00:00
db:NVDid:CVE-2015-5915date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-83876date:2015-10-09T00:00:00
db:VULMONid:CVE-2015-5915date:2015-10-09T00:00:00
db:BIDid:76908date:2015-09-30T00:00:00
db:JVNDBid:JVNDB-2015-005165date:2015-10-13T00:00:00
db:CNNVDid:CNNVD-201510-116date:2015-10-10T00:00:00
db:NVDid:CVE-2015-5915date:2015-10-09T05:59:34.390