Details of VAR-201510-0162

ID

VAR-201510-0162

CVE

CVE-2015-6997

TITLE

Apple iOS of X.509 Vulnerability for impersonating endpoints in the implementation of certificate trust assessment

Trust: 0.8

sources: JVNDB: JVNDB-2015-005530

DESCRIPTION

The X.509 certificate-trust implementation in Apple iOS before 9.1 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlMan-in-the-middle attacks (man-in-the-middle attack) May spoof the endpoint by using access to revoked certificates. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial-of-service condition; this may aid in launching further attacks. Versions prior to iOS 9.1 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2015-12-08-4 watchOS 2.1 watchOS 2.1 is now available and addresses the following: AppSandbox Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may maintain access to Contacts after having access revoked Description: An issue existed in the sandbox's handling of hard links. This issue was addressed through improved hardening of the app sandbox. CVE-ID CVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi of TU Darmstadt Compression Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: An uninitialized memory access issue existed in zlib. This issue was addressed through improved memory initialization and additional validation of zlib streams. CVE-ID CVE-2015-7054 : j00ru CoreGraphics Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team CoreMedia Playback Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of malformed media files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7075 dyld Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A segment validation issue existed in dyld. This was addressed through improved environment sanitization. CVE-ID CVE-2015-7072 : Apple FontParser Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the processing of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero Day Initiative GasGauge Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6979 : PanguTeam ImageIO Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in ImageIO. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7053 : Apple IOHIDFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in IOHIDFamily. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7111 : beist and ABH of BoB CVE-2015-7112 : Ian Beer of Google Project Zero IOKit SCSI Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference existed in the handling of a certain userclient type. This issue was addressed through improved validation. CVE-ID CVE-2015-7068 : Ian Beer of Google Project Zero Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local application may be able to cause a denial of service Description: Multiple denial of service issues were addressed through improved memory handling. CVE-ID CVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7043 : Tarjei Mandt (@kernelpool) Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to execute arbitrary code with kernel privileges Description: An issue existed in the parsing of mach messages. This issue was addressed through improved validation of mach messages. CVE-ID CVE-2015-7047 : Ian Beer of Google Project Zero Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues existed in the kernel. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7083 : Ian Beer of Google Project Zero CVE-2015-7084 : Ian Beer of Google Project Zero LaunchServices Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the processing of malformed plists. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7113 : Olivier Goguel of Free Tools Association libarchive Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of archives. This issue was addressed through improved memory handling. CVE-ID CVE-2011-2895 : @practicalswift libc Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: Multiple buffer overflows existed in the C standard library. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-7038 CVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM) OpenGL Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in OpenGL. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7064 : Apple CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks Sandbox Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application with root privileges may be able to bypass kernel address space layout randomization Description: An insufficient privilege separation issue existed in xnu. This issue was addressed by improved authorization checks. CVE-ID CVE-2015-7046 : Apple Security Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in handling SSL handshakes. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7073 : Benoit Foucher of ZeroC, Inc. Security Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the ASN.1 decoder. These issues were addressed through improved input validation CVE-ID CVE-2015-7059 : David Keeler of Mozilla CVE-2015-7060 : Tyson Smith of Mozilla CVE-2015-7061 : Ryan Sleevi of Google Security Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A trust evaluation configured to require revocation checking may succeed even if revocation checking fails Description: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. This issue was addressed by implementing the flag. CVE-ID CVE-2015-6997 : Apple Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJWZzRUAAoJEBcWfLTuOo7tDFcP/0eMRtPiazqLeAvYEhbHBBYX K9T4vuY0ridD8lmoOPIEjcZnlx2VfZJIeUlgRoWBi1gm5Hi9UoR/17wCSJBUK7an EwcR2zlwEwZK3Vb64ogyAr3CkV0646nMyTiBRoZT+vz/zTRxxh/7yxcGE0kc6h2m 1w4uiljcU/1DzMNbjWz7+TSOKRJLilumf2kzvRGS5WPRs/WN1xJ6bGA5aiY9+M0R 7QbgnTsLVU58jmo1iIJDGLUyQ/7iF+kALZa+IozKRXJjbrq31qkheGSMCquUgDQT 3MkNbMl+UwZQdWuUswjp/ZYZ1EJ3e1AFNKVwv4f79DpBDViquq9g13agnCExhvvK ByrCwL41emEwQ0rVZdtmfneCrTsUfWGkM4BSAcSLJAmsJ/H9gP/J11x8MK4qkd+q Xl4YKJtRE1ovkRlxpKQbJL14yXIXVXMCdXhwkU6HlyxX3qOw8Gop0/2AXuBIup7Q 4idJ+JJyLjv6mYL3CtgWh+D6HVpRSS2DeKjHP33F8qMNaD0zjjlx1qQ2MZ42gwI4 4g5gGHWaq9q4fCLdbIvfHdeeU54Xb8Q/rJ2CMuE3y0q7BzYzToJFt8xE5+kw1d+x 3Cfc2clhT7YJdg2i4JtakbAAGMybx2IqfO2Zjc2GIGPuZGUSxQKUFgtmfJDR0/4e Zgl367oS5NsHOKYGx4cn =gPGz -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2015-6997 // JVNDB: JVNDB-2015-005530 // BID: 77268 // VULHUB: VHN-84958 // PACKETSTORM: 134750

AFFECTED PRODUCTS

vendor:	apple	model:	watchos	scope:	lte	version:	2.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lte	version:	9.0.2	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	9.1 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.1 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.1 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2.1 (apple watch edition)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2.1 (apple watch hermes)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2.1 (apple watch sport)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2.1 (apple watch)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	eq	version:	2.0	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	9.0.2	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 77268 // JVNDB: JVNDB-2015-005530 // CNNVD: CNNVD-201510-499 // NVD: CVE-2015-6997

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6997
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-6997
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201510-499
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-84958
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-6997
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-84958
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-84958 // JVNDB: JVNDB-2015-005530 // CNNVD: CNNVD-201510-499 // NVD: CVE-2015-6997

PROBLEMTYPE DATA

problemtype:	CWE-254	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-84958 // JVNDB: JVNDB-2015-005530 // NVD: CVE-2015-6997

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-499

TYPE

Unknown

Trust: 0.3

sources: BID: 77268

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005530

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-10-21-1 iOS 9.1	url:	http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html	Trust: 0.8
title:	APPLE-SA-2015-12-08-4 watchOS 2.1	url:	http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html	Trust: 0.8
title:	HT205370	url:	https://support.apple.com/en-us/HT205370	Trust: 0.8
title:	HT205641	url:	https://support.apple.com/en-us/HT205641	Trust: 0.8
title:	HT205641	url:	https://support.apple.com/ja-jp/HT205641	Trust: 0.8
title:	HT205370	url:	http://support.apple.com/ja-jp/HT205370	Trust: 0.8
title:	Apple iOS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58343	Trust: 0.6

sources: JVNDB: JVNDB-2015-005530 // CNNVD: CNNVD-201510-499

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6997	Trust: 2.9
db:	BID	id:	77268	Trust: 1.4
db:	SECTRACK	id:	1033929	Trust: 1.1
db:	JVN	id:	JVNVU92655282	Trust: 0.8
db:	JVN	id:	JVNVU97526033	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-005530	Trust: 0.8
db:	CNNVD	id:	CNNVD-201510-499	Trust: 0.7
db:	VULHUB	id:	VHN-84958	Trust: 0.1
db:	PACKETSTORM	id:	134750	Trust: 0.1

sources: VULHUB: VHN-84958 // BID: 77268 // JVNDB: JVNDB-2015-005530 // PACKETSTORM: 134750 // CNNVD: CNNVD-201510-499 // NVD: CVE-2015-6997

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/oct/msg00002.html	Trust: 1.7
url:	https://support.apple.com/ht205370	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2015/dec/msg00002.html	Trust: 1.1
url:	http://www.securityfocus.com/bid/77268	Trust: 1.1
url:	https://support.apple.com/ht205641	Trust: 1.1
url:	http://www.securitytracker.com/id/1033929	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6997	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu92655282/	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97526033/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6997	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7064	Trust: 0.1
url:	https://support.apple.com/kb/ht201222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-6979	Trust: 0.1
url:	https://gpgtools.org	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-6997	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-6978	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7047	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7046	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7068	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7060	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7043	Trust: 0.1
url:	https://support.apple.com/en-us/ht204641	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7053	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7042	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2011-2895	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7075	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7105	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7059	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7001	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7083	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7084	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7039	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7072	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7040	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7054	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7061	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7111	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7041	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7073	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7038	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7066	Trust: 0.1

sources: VULHUB: VHN-84958 // BID: 77268 // JVNDB: JVNDB-2015-005530 // PACKETSTORM: 134750 // CNNVD: CNNVD-201510-499 // NVD: CVE-2015-6997

CREDITS

PanguTeam, Proteas of Qihoo 360 Nirvan Team, Sergi Alvarez (pancake) of NowSecure Research Team, William Redwood of Hampton School and Andreas Kurtz of NESO Security Labs.

Trust: 0.3

sources: BID: 77268

SOURCES

db:	VULHUB	id:	VHN-84958
db:	BID	id:	77268
db:	JVNDB	id:	JVNDB-2015-005530
db:	PACKETSTORM	id:	134750
db:	CNNVD	id:	CNNVD-201510-499
db:	NVD	id:	CVE-2015-6997

LAST UPDATE DATE

2025-04-13T22:16:10.773000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-84958	date:	2016-12-24T00:00:00
db:	BID	id:	77268	date:	2016-01-12T01:57:00
db:	JVNDB	id:	JVNDB-2015-005530	date:	2015-12-16T00:00:00
db:	CNNVD	id:	CNNVD-201510-499	date:	2015-10-26T00:00:00
db:	NVD	id:	CVE-2015-6997	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-84958	date:	2015-10-23T00:00:00
db:	BID	id:	77268	date:	2015-10-21T00:00:00
db:	JVNDB	id:	JVNDB-2015-005530	date:	2015-10-26T00:00:00
db:	PACKETSTORM	id:	134750	date:	2015-12-10T17:20:29
db:	CNNVD	id:	CNNVD-201510-499	date:	2015-10-26T00:00:00
db:	NVD	id:	CVE-2015-6997	date:	2015-10-23T10:59:07.320