Details of VAR-201510-0167

ID

VAR-201510-0167

CVE

CVE-2015-7004

TITLE

Apple iOS Service disruption in some kernels (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-005533

DESCRIPTION

The kernel in Apple iOS before 9.1 allows attackers to cause a denial of service via a crafted app. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial-of-service condition; this may aid in launching further attacks. Versions prior to iOS 9.1 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Kernel is one of the kernel components

Trust: 1.98

sources: NVD: CVE-2015-7004 // JVNDB: JVNDB-2015-005533 // BID: 77268 // VULHUB: VHN-84965

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	9.0.2	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	9.1 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.1 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.1 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	9.0.2	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 77268 // JVNDB: JVNDB-2015-005533 // CNNVD: CNNVD-201510-502 // NVD: CVE-2015-7004

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-7004
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-7004
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201510-502
value:	HIGH
Trust: 0.6
VULHUB:	VHN-84965
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-7004
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-84965
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-84965 // JVNDB: JVNDB-2015-005533 // CNNVD: CNNVD-201510-502 // NVD: CVE-2015-7004

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-84965 // JVNDB: JVNDB-2015-005533 // NVD: CVE-2015-7004

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-502

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201510-502

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005533

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-10-21-1 iOS 9.1	url:	http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html	Trust: 0.8
title:	HT205370	url:	https://support.apple.com/en-us/HT205370	Trust: 0.8
title:	HT205370	url:	http://support.apple.com/ja-jp/HT205370	Trust: 0.8
title:	Apple iOS kernel Enter the fix for the verification vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58346	Trust: 0.6

sources: JVNDB: JVNDB-2015-005533 // CNNVD: CNNVD-201510-502

EXTERNAL IDS

db:	NVD	id:	CVE-2015-7004	Trust: 2.8
db:	BID	id:	77268	Trust: 1.4
db:	SECTRACK	id:	1033929	Trust: 1.1
db:	JVN	id:	JVNVU92655282	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-005533	Trust: 0.8
db:	CNNVD	id:	CNNVD-201510-502	Trust: 0.7
db:	VULHUB	id:	VHN-84965	Trust: 0.1

sources: VULHUB: VHN-84965 // BID: 77268 // JVNDB: JVNDB-2015-005533 // CNNVD: CNNVD-201510-502 // NVD: CVE-2015-7004

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/oct/msg00002.html	Trust: 1.7
url:	https://support.apple.com/ht205370	Trust: 1.7
url:	http://www.securityfocus.com/bid/77268	Trust: 1.1
url:	http://www.securitytracker.com/id/1033929	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7004	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu92655282/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7004	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3

sources: VULHUB: VHN-84965 // BID: 77268 // JVNDB: JVNDB-2015-005533 // CNNVD: CNNVD-201510-502 // NVD: CVE-2015-7004

CREDITS

PanguTeam, Proteas of Qihoo 360 Nirvan Team, Sergi Alvarez (pancake) of NowSecure Research Team, William Redwood of Hampton School and Andreas Kurtz of NESO Security Labs.

Trust: 0.3

sources: BID: 77268

SOURCES

db:	VULHUB	id:	VHN-84965
db:	BID	id:	77268
db:	JVNDB	id:	JVNDB-2015-005533
db:	CNNVD	id:	CNNVD-201510-502
db:	NVD	id:	CVE-2015-7004

LAST UPDATE DATE

2025-04-13T22:14:13.286000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-84965	date:	2016-12-24T00:00:00
db:	BID	id:	77268	date:	2016-01-12T01:57:00
db:	JVNDB	id:	JVNDB-2015-005533	date:	2015-10-26T00:00:00
db:	CNNVD	id:	CNNVD-201510-502	date:	2015-10-26T00:00:00
db:	NVD	id:	CVE-2015-7004	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-84965	date:	2015-10-23T00:00:00
db:	BID	id:	77268	date:	2015-10-21T00:00:00
db:	JVNDB	id:	JVNDB-2015-005533	date:	2015-10-26T00:00:00
db:	CNNVD	id:	CNNVD-201510-502	date:	2015-10-26T00:00:00
db:	NVD	id:	CVE-2015-7004	date:	2015-10-23T10:59:10.693