ID

VAR-201510-0186


CVE

CVE-2015-7023


TITLE

Cookie overwrite vulnerability in CFNetwork in Apple iOS and OS X

Trust: 0.8

sources: JVNDB: JVNDB-2015-005563

DESCRIPTION

CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors. Supplementary information: the vulnerability type has been identified as CWE-17: Code (http://cwe.mitre.org/data/definitions/17.html). A remote web server may be able to overwrite cookies. Apple iOS and Mac OS X are prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, bypass security restrictions, overwrite arbitrary files and cause denial-of-service conditions. CFNetwork is a low-level, high-performance framework that is an extension of BSD sockets. The vulnerability stems from the fact that the program does not correctly distinguish between uppercase and lowercase when parsing cookies. A remote attacker could exploit this vulnerability to overwrite cookies.

Trust: 1.98

sources: NVD: CVE-2015-7023 // JVNDB: JVNDB-2015-005563 // BID: 77263 // VULHUB: VHN-84984

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: lte, version: 10.11.0

Trust: 1.0

vendor: apple, model: iphone os, scope: lte, version: 9.0.2

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.11

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: 9.1 (ipad 2 or later)

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: 9.1 (iphone 4s or later)

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: 9.1 (ipod touch 5th generation or later)

Trust: 0.8

vendor: apple, model: iphone os, scope: eq, version: 9.0.2

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.11.0

Trust: 0.6

vendor: apple, model: ipod touch, scope: eq, version: 0

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 0

Trust: 0.3

vendor: apple, model: ipad, scope: eq, version: 0

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.0.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.0.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.2.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.2.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 5.1.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 5.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 5.0.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 5

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3.5

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3.4

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3.3

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.9

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.8

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.7

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.6

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.5

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.10

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.0

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 2.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 2.0

Trust: 0.3

sources: BID: 77263 // JVNDB: JVNDB-2015-005563 // CNNVD: CNNVD-201510-562 // NVD: CVE-2015-7023

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7023
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-7023
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201510-562
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84984
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7023
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84984
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84984 // JVNDB: JVNDB-2015-005563 // CNNVD: CNNVD-201510-562 // NVD: CVE-2015-7023

PROBLEMTYPE DATA

problemtype:CWE-17

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-84984 // JVNDB: JVNDB-2015-005563 // NVD: CVE-2015-7023

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-562

TYPE

Unknown

Trust: 0.3

sources: BID: 77263

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005563

PATCH

title: Apple security updates, url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007, url: http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html

Trust: 0.8

title: APPLE-SA-2015-10-21-1 iOS 9.1, url: http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html

Trust: 0.8

title: HT205370, url: https://support.apple.com/en-us/HT205370

Trust: 0.8

title: HT205375, url: https://support.apple.com/en-us/HT205375

Trust: 0.8

title: HT205370, url: http://support.apple.com/ja-jp/HT205370

Trust: 0.8

title: HT205375, url: http://support.apple.com/ja-jp/HT205375

Trust: 0.8

sources: JVNDB: JVNDB-2015-005563

EXTERNAL IDS

db: NVD, id: CVE-2015-7023

Trust: 2.8

db: BID, id: 77263

Trust: 1.4

db: SECTRACK, id: 1033929

Trust: 1.1

db: JVN, id: JVNVU92655282

Trust: 0.8

db: JVNDB, id: JVNDB-2015-005563

Trust: 0.8

db: CNNVD, id: CNNVD-201510-562

Trust: 0.7

db: SEEBUG, id: SSVID-89824

Trust: 0.1

db: VULHUB, id: VHN-84984

Trust: 0.1

sources: VULHUB: VHN-84984 // BID: 77263 // JVNDB: JVNDB-2015-005563 // CNNVD: CNNVD-201510-562 // NVD: CVE-2015-7023

REFERENCES

url:http://lists.apple.com/archives/security-announce/2015/oct/msg00002.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2015/oct/msg00005.html

Trust: 1.7

url:https://support.apple.com/ht205370

Trust: 1.7

url:https://support.apple.com/ht205375

Trust: 1.7

url:http://www.securityfocus.com/bid/77263

Trust: 1.1

url:http://www.securitytracker.com/id/1033929

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7023

Trust: 0.8

url:http://jvn.jp/vu/jvnvu92655282/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7023

Trust: 0.8

url:http://www.apple.com/ios/

Trust: 0.3

url:http://www.apple.com/ipad/

Trust: 0.3

url:http://www.apple.com/iphone/

Trust: 0.3

url:http://www.apple.com/ipodtouch/

Trust: 0.3

sources: VULHUB: VHN-84984 // BID: 77263 // JVNDB: JVNDB-2015-005563 // CNNVD: CNNVD-201510-562 // NVD: CVE-2015-7023

CREDITS

Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of Tsinghua University, Jian Jiang of University of California, Berkeley, Haixin Duan of Tsinghua University and International Computer Science Institute, Shuo Chen of Microsoft Research Redmond, Tao Wan of Hu

Trust: 0.3

sources: BID: 77263

SOURCES

db: VULHUB, id: VHN-84984
db: BID, id: 77263
db: JVNDB, id: JVNDB-2015-005563
db: CNNVD, id: CNNVD-201510-562
db: NVD, id: CVE-2015-7023

LAST UPDATE DATE

2025-04-13T21:16:33.308000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-84984, date: 2016-12-24T00:00:00
db: BID, id: 77263, date: 2016-01-12T02:01:00
db: JVNDB, id: JVNDB-2015-005563, date: 2015-10-27T00:00:00
db: CNNVD, id: CNNVD-201510-562, date: 2015-10-26T00:00:00
db: NVD, id: CVE-2015-7023, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-84984, date: 2015-10-23T00:00:00
db: BID, id: 77263, date: 2015-10-21T00:00:00
db: JVNDB, id: JVNDB-2015-005563, date: 2015-10-27T00:00:00
db: CNNVD, id: CNNVD-201510-562, date: 2015-10-26T00:00:00
db: NVD, id: CVE-2015-7023, date: 2015-10-23T21:59:55.660