ID

VAR-201512-0119


CVE

CVE-2015-7093


TITLE

URL spoofing vulnerability in the user interface of Safari in Apple iOS

Trust: 0.8

sources: JVNDB: JVNDB-2015-006360

DESCRIPTION

Safari in Apple iOS before 9.2 allows remote attackers to spoof a URL in the user interface via a crafted web site. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, execute arbitrary code, or spoof the source URI of a site presented to an unsuspecting user. Failed exploit attempts may cause a denial-of-service condition. Versions prior to iOS 9.2 are vulnerable. Apple iOS is an operating system developed by Apple for mobile devices. Safari is one of its web browser components.

Trust: 1.98

sources: NVD: CVE-2015-7093 // JVNDB: JVNDB-2015-006360 // BID: 78724 // VULHUB: VHN-85054

AFFECTED PRODUCTS

vendor: apple, model: safari, scope: lte, version: 9.0.1

Trust: 1.0

vendor: apple, model: ios, scope: lt, version: 9.2 (iPad 2 or later)

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: 9.2 (iPhone 4s or later)

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: 9.2 (iPod touch 5th generation or later)

Trust: 0.8

vendor: apple, model: safari, scope: eq, version: 9.0.1

Trust: 0.6

vendor: apple, model: ipod touch, scope: eq, version: 0

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 0

Trust: 0.3

vendor: apple, model: ipad, scope: eq, version: 0

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 50

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 40

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 30

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 9.0.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 9.0.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 8.4.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 7.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 7.0.6

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 7.0.5

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 7.0.3

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 7.0.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 7.0.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 6.3.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 6.1.6

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 6.1.4

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 6.1.3

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.0.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.0.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.2.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.2.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 9.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 9

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 8.4

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 8.3

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 8.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 8.1.3

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 8.1.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 8.1.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 8.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 8

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 7.1.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 7.1.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 7.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 7.0.4

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 7

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 6.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 6.0.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 6.0.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 6

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 5.1.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 5.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 5.0.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 5

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3.5

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3.4

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3.3

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.9

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.8

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.7

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.6

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.5

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.10

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.0

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 2.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 2.0

Trust: 0.3

vendor: apple, model: ios, scope: ne, version: 9.2

Trust: 0.3

sources: BID: 78724 // JVNDB: JVNDB-2015-006360 // CNNVD: CNNVD-201512-373 // NVD: CVE-2015-7093

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7093
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-7093
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201512-373
value: MEDIUM

Trust: 0.6

VULHUB: VHN-85054
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7093
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-85054
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-85054 // JVNDB: JVNDB-2015-006360 // CNNVD: CNNVD-201512-373 // NVD: CVE-2015-7093

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-85054 // JVNDB: JVNDB-2015-006360 // NVD: CVE-2015-7093

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-373

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201512-373

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006360

PATCH

title: Apple security updates, url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: APPLE-SA-2015-12-08-1 iOS 9.2, url: http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html

Trust: 0.8

title: HT205635, url: https://support.apple.com/en-us/HT205635

Trust: 0.8

title: HT205635, url: http://support.apple.com/ja-jp/HT205635

Trust: 0.8

title: Fix for the Apple iOS Safari input validation vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59191

Trust: 0.6

sources: JVNDB: JVNDB-2015-006360 // CNNVD: CNNVD-201512-373

EXTERNAL IDS

db: NVD, id: CVE-2015-7093

Trust: 2.8

db: SECTRACK, id: 1034348

Trust: 1.1

db: JVN, id: JVNVU97526033

Trust: 0.8

db: JVNDB, id: JVNDB-2015-006360

Trust: 0.8

db: CNNVD, id: CNNVD-201512-373

Trust: 0.7

db: BID, id: 78724

Trust: 0.3

db: VULHUB, id: VHN-85054

Trust: 0.1

sources: VULHUB: VHN-85054 // BID: 78724 // JVNDB: JVNDB-2015-006360 // CNNVD: CNNVD-201512-373 // NVD: CVE-2015-7093

REFERENCES

url:http://lists.apple.com/archives/security-announce/2015/dec/msg00000.html

Trust: 1.7

url:https://support.apple.com/ht205635

Trust: 1.7

url:http://www.securitytracker.com/id/1034348

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7093

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97526033/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7093

Trust: 0.8

url:http://www.apple.com/ios/

Trust: 0.3

url:http://www.apple.com/ipad/

Trust: 0.3

url:http://www.apple.com/iphone/

Trust: 0.3

url:http://www.apple.com/ipodtouch/

Trust: 0.3

sources: VULHUB: VHN-85054 // BID: 78724 // JVNDB: JVNDB-2015-006360 // CNNVD: CNNVD-201512-373 // NVD: CVE-2015-7093

CREDITS

Or Safran, Luca Todesco, PanguTeam and xisigr of Tencent's Xuanwu LAB

Trust: 0.3

sources: BID: 78724

SOURCES

db: VULHUB, id: VHN-85054
db: BID, id: 78724
db: JVNDB, id: JVNDB-2015-006360
db: CNNVD, id: CNNVD-201512-373
db: NVD, id: CVE-2015-7093

LAST UPDATE DATE

2025-04-13T20:19:13.316000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-85054, date: 2016-12-07T00:00:00
db: BID, id: 78724, date: 2015-12-08T00:00:00
db: JVNDB, id: JVNDB-2015-006360, date: 2015-12-15T00:00:00
db: CNNVD, id: CNNVD-201512-373, date: 2015-12-14T00:00:00
db: NVD, id: CVE-2015-7093, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-85054, date: 2015-12-11T00:00:00
db: BID, id: 78724, date: 2015-12-08T00:00:00
db: JVNDB, id: JVNDB-2015-006360, date: 2015-12-15T00:00:00
db: CNNVD, id: CNNVD-201512-373, date: 2015-12-14T00:00:00
db: NVD, id: CVE-2015-7093, date: 2015-12-11T11:59:50.690