Details of VAR-201510-0168

ID

VAR-201510-0168

CVE

CVE-2015-7005

TITLE

Apple iOS Used in etc. Webkit Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2015-005534

DESCRIPTION

WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1. Apple iOS Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious webpage. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in WebKit used in Apple iOS 9.0.2 and earlier

Trust: 1.98

sources: NVD: CVE-2015-7005 // JVNDB: JVNDB-2015-005534 // BID: 77269 // VULHUB: VHN-84966

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	9.0.2	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	9.1 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.1 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.1 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	9.0.2	Trust: 0.6
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	9.1	Trust: 0.3

sources: BID: 77269 // JVNDB: JVNDB-2015-005534 // CNNVD: CNNVD-201510-503 // NVD: CVE-2015-7005

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-7005
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-7005
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201510-503
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-84966
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-7005
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-84966
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-84966 // JVNDB: JVNDB-2015-005534 // CNNVD: CNNVD-201510-503 // NVD: CVE-2015-7005

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-84966 // JVNDB: JVNDB-2015-005534 // NVD: CVE-2015-7005

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-503

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201510-503

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005534

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2015-10-21-1 iOS 9.1	url:	http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html	Trust: 0.8
title:	HT205370	url:	https://support.apple.com/en-us/HT205370	Trust: 0.8
title:	HT205370	url:	http://support.apple.com/ja-jp/HT205370	Trust: 0.8
title:	Apple iOS WebKit Buffer Overflow Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58347	Trust: 0.6

sources: JVNDB: JVNDB-2015-005534 // CNNVD: CNNVD-201510-503

EXTERNAL IDS

db:	NVD	id:	CVE-2015-7005	Trust: 2.8
db:	SECTRACK	id:	1033929	Trust: 1.1
db:	JVN	id:	JVNVU92655282	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-005534	Trust: 0.8
db:	CNNVD	id:	CNNVD-201510-503	Trust: 0.7
db:	BID	id:	77269	Trust: 0.3
db:	VULHUB	id:	VHN-84966	Trust: 0.1

sources: VULHUB: VHN-84966 // BID: 77269 // JVNDB: JVNDB-2015-005534 // CNNVD: CNNVD-201510-503 // NVD: CVE-2015-7005

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2015/oct/msg00002.html	Trust: 1.7
url:	https://support.apple.com/ht205370	Trust: 1.7
url:	http://www.securitytracker.com/id/1033929	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7005	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu92655282/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7005	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.webkit.org/	Trust: 0.3

sources: VULHUB: VHN-84966 // BID: 77269 // JVNDB: JVNDB-2015-005534 // CNNVD: CNNVD-201510-503 // NVD: CVE-2015-7005

CREDITS

Apple

Trust: 0.3

sources: BID: 77269

SOURCES

db:	VULHUB	id:	VHN-84966
db:	BID	id:	77269
db:	JVNDB	id:	JVNDB-2015-005534
db:	CNNVD	id:	CNNVD-201510-503
db:	NVD	id:	CVE-2015-7005

LAST UPDATE DATE

2025-04-13T21:28:29.757000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-84966	date:	2016-12-24T00:00:00
db:	BID	id:	77269	date:	2015-10-21T00:00:00
db:	JVNDB	id:	JVNDB-2015-005534	date:	2015-10-26T00:00:00
db:	CNNVD	id:	CNNVD-201510-503	date:	2015-10-26T00:00:00
db:	NVD	id:	CVE-2015-7005	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-84966	date:	2015-10-23T00:00:00
db:	BID	id:	77269	date:	2015-10-21T00:00:00
db:	JVNDB	id:	JVNDB-2015-005534	date:	2015-10-26T00:00:00
db:	CNNVD	id:	CNNVD-201510-503	date:	2015-10-26T00:00:00
db:	NVD	id:	CVE-2015-7005	date:	2015-10-23T10:59:11.943