Sign-up

ID

VAR-201512-0130


CVE

CVE-2015-7104


TITLE

Apple Safari and tvOS Used in etc. WebKit Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2015-006319

DESCRIPTION

WebKit in Apple Safari before 9.0.2 and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Apple Safari and tvOS Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious web page. The former is a web browser that comes with the default browser on Mac OS X and iOS operating systems; the latter is an operating system for smart TVs. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in Apple Safari 9.0.1 and earlier, and tvOS 9.0 and earlier WebKit. CVE-ID CVE-2015-7050 : Luke Li and Jonathan Metzman -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJWa0HxAAoJEBcWfLTuOo7tL3sP/3IMYdGz6mTS98t6/aMJx8Ew okyR8nBT2M3ALNVxTJeVxRbHc11f75x9DVJMV4Q291MRqeX3b7wHBcvoizmOM66c bWNIqRdIYVub+WWwljBuzdsPIT0d9NlY8Htz9dbwtWmTPACYNKYr9ZUO1T9ntSer WCEBRql2VlpOpr12FfpRc2I52BisIF1pVm24QmsVfgJM156lWxFAjC+i6ESOeBnd waL4T5aw7+mZuoIbUSQvVsjEo2ay5wglAvPhYDlwpEMEY+w0U0E077qr/6LiLf9B MtxIz6i/rtPD4Ak+rKLdAbAGah0nWvVPomo4KI+xS+kxlmxEQY2Q7dUzDpCmviho ZMEgjoEFAouUa+mQC0w+CSxMyO5MS5ZDoZo14DHfkB978DDBjW88xAky4Row5gjX 97ZJ/+933eYqrcNLjc74CNoTDHw22YQ9bys05qJ2FovoTu0s+qsVWhx5tEehxJLr RTvBfc/49JNTracvb/uK7ShbUc9u6qj9g5tHCgLqU6KwFj/vafF5d/lQph4gz6NQ 2xAxKCQjzS6Hqalj0xjmw51b2rxZXjXW2Q4itRa+BVbG8Eb8Frp5yzj5h/m/pS5/ 5/yMR9vYDYXN8psVrSSPhFtpCz0jloeAWsSJk5nM+ReH4sUwRyS3dV7ONfyDxtvo jIfn9cPnOmCwLLCZl2E9 =eKwE -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2015-12-08-5 Safari 9.0.2 Safari 9.0.2 is now available and addresses the following: WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7048 : Apple CVE-2015-7095 : Apple CVE-2015-7096 : Apple CVE-2015-7097 : Apple CVE-2015-7098 : Apple CVE-2015-7099 : Apple CVE-2015-7100 : Apple CVE-2015-7101 : Apple CVE-2015-7102 : Apple CVE-2015-7103 : Apple CVE-2015-7104 : Apple WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan 10.11 and v10.11.1 Impact: Visiting a maliciously crafted website may reveal a user's browsing history Description: An insufficient input validation issue existed in content blocking. This issue was addressed through improved content extension parsing. CVE-ID CVE-2015-7050 : Luke Li and Jonathan Metzman Installation note: Safari 9.0.2 may be obtained from the Mac App Store. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJWZzRXAAoJEBcWfLTuOo7tp/kP/1QG495DAo4BKcJwr5oHxeK+ V0cld44Ot1F9+m8Pd2Il5kkE2mxEGnvOdtEQM0mOT80qfdTVi9zD4ypnFWkBcob1 tV0hEa7/LxMe1OtDMeeNM+qW22Ap6RO8o7v6mCzdn72ds0xSmiPFGuQ1RiRflKRj MjU+k61a3oEe2/rkvbBfuDSIm+4yZo1PjTDI02UoD5JC2nJ0Dlk6978hF6lLSrCv 28UR0i6NijI3Wa2Uq3gSA+qY9bo02sC1XOEveTfftLUfl1QOID0VZGHHnrao4mfx LpxYJR2XJpTvNs1x3lCOcTYWJr4Ju99/ZFkHneAj2OQEvOhP/CHuqUmUglHW9UMW CwQKAVZD242e6qPUu0xaW/nH4dQHbridWPWR3MfwiFj6Vbzc3Wpc+tx7LGdlFuhG 9/goo4MMI7QFdxFXD3bbcOhYRi6DbqJUSxTvWfpC2sssFmZ/N5kmr0w2ccXMUAGc Ez2M8Wm+gVYlCeBMS3rtPkxVcayzHZnxhj+3Fa7Qh3FAY9NdnJ/UA6xJdPrQvTpd DJsQUIK9Ung2c1D3kGGN6QgnUCgL3CtZ7RCSgPD8Zqs4q6Zhuwq6uquC3EDIZO2y HgMF1dRKihaXV5URz9IXfQAHQvbR1PD5e/KuL32bEtXwE0Oxocp1jTrIeIrW71JZ 2qcwUzBx5TzaQfLl+Rk1 =7iMd -----END PGP SIGNATURE-----

Trust: 2.16

sources: NVD: CVE-2015-7104 // JVNDB: JVNDB-2015-006319 // BID: 78726 // VULHUB: VHN-85065 // PACKETSTORM: 134792 // PACKETSTORM: 134746

AFFECTED PRODUCTS

vendor:applemodel:safariscope:lteversion:9.0.1

Trust: 1.0

vendor:applemodel:tvosscope:lteversion:9.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:9.0.1

Trust: 0.9

vendor:applemodel:itunesscope:ltversion:12.3.2 (windows 7 or later )

Trust: 0.8

vendor:applemodel:safariscope:ltversion:9.0.2 (os x el capitan v10.11 and v10.11.1)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:9.0.2 (os x mavericks v10.9.5)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:9.0.2 (os x yosemite v10.10.5)

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:9.1 (apple tv first 4 generation )

Trust: 0.8

vendor:applemodel:tvscope:eqversion:9.0

Trust: 0.6

vendor:applemodel:safariscope:eqversion:7.1.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.4

Trust: 0.3

vendor:themodel:webkitgtk+ team webkitgtk+scope:eqversion:2.4.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.4.0.80

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.0.2.20

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.4.1.10

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.2

Trust: 0.3

vendor:themodel:webkitgtk+ team webkitgtk+scope:eqversion:2.4.8

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.2.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.8

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.31

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.1.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.4

Trust: 0.3

vendor:applemodel:safariscope:neversion:9.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:itunesscope:neversion:12.3.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.1.1.4

Trust: 0.3

vendor:themodel:webkitgtk+ team webkitgtk+scope:eqversion:2.6.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.6.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.3.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.2

Trust: 0.3

vendor:themodel:webkitgtk+ team webkitgtk+scope:eqversion:2.7.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:5.0

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.1.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.1.1

Trust: 0.3

vendor:themodel:webkitgtk+ team webkitgtk+scope:eqversion:2.8.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0

Trust: 0.3

vendor:esignalmodel:esignalscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.0.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.5

Trust: 0.3

vendor:themodel:webkitgtk+ team webkitgtk+scope:eqversion:2.7.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.0.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2

Trust: 0.3

vendor:applemodel:tvosscope:neversion:9.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.3.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:9

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.7.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.4

Trust: 0.3

vendor:themodel:webkitgtk+ team webkitgtk+scope:eqversion:2.8.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.2

Trust: 0.3

vendor:themodel:webkitgtk+ team webkitgtk+scope:eqversion:2.8

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.6.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.4.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.0.5

Trust: 0.3

vendor:themodel:webkitgtk+ team webkitgtk+scope:eqversion:2.6.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.34

Trust: 0.3

vendor:themodel:webkitgtk+ team webkitgtk+scope:eqversion:2.7.4

Trust: 0.3

vendor:themodel:webkitgtk+ team webkitgtk+scope:eqversion:2.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1

Trust: 0.3

vendor:themodel:webkitgtk+ team webkitgtk+scope:eqversion:2.4.6

Trust: 0.3

vendor:applemodel:tvscope:eqversion:0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2.2.12

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5.1.42

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.0.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.1

Trust: 0.3

vendor:themodel:webkitgtk+ team webkitgtk+scope:eqversion:2.4.7

Trust: 0.3

vendor:themodel:webkitgtk+ team webkitgtk+scope:eqversion:2.6.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.4

Trust: 0.3

vendor:themodel:webkitgtk+ team webkitgtk+scope:eqversion:2.7.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.8

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.52

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.2.1

Trust: 0.3

vendor:themodel:webkitgtk+ team webkitgtk+scope:eqversion:2.6.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.4419.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.31

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.28

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.7

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.8

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.3

Trust: 0.3

vendor:themodel:webkitgtk+ team webkitgtk+scope:eqversion:2.4.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.3

Trust: 0.3

vendor:themodel:webkitgtk+ team webkitgtk+scope:neversion:2.10

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1

Trust: 0.3

vendor:themodel:webkitgtk+ team webkitgtk+scope:eqversion:2.6.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.3

Trust: 0.3

vendor:themodel:webkitgtk+ team webkitgtk+scope:eqversion:2.4.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.6

Trust: 0.3

vendor:themodel:webkitgtk+ team webkitgtk+scope:eqversion:2.7

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:12.3.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.33

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0.0.163

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.8

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.3.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.30

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.10

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.6.1.7

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:11.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.7

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.2.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.3

Trust: 0.3

vendor:themodel:webkitgtk+ team webkitgtk+scope:eqversion:2.4.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3.1

Trust: 0.3

vendor:themodel:webkitgtk+ team webkitgtk+scope:eqversion:2.6.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.2

Trust: 0.3

vendor:themodel:webkitgtk+ team webkitgtk+scope:eqversion:2.8.4

Trust: 0.3

vendor:themodel:webkitgtk+ team webkitgtk+scope:eqversion:2.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.0.1

Trust: 0.3

vendor:themodel:webkitgtk+ team webkitgtk+scope:eqversion:2.4.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.5

Trust: 0.3

sources: BID: 78726 // JVNDB: JVNDB-2015-006319 // CNNVD: CNNVD-201512-384 // NVD: CVE-2015-7104

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7104
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-7104
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201512-384
value: MEDIUM

Trust: 0.6

VULHUB: VHN-85065
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7104
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-85065
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-85065 // JVNDB: JVNDB-2015-006319 // CNNVD: CNNVD-201512-384 // NVD: CVE-2015-7104

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-85065 // JVNDB: JVNDB-2015-006319 // NVD: CVE-2015-7104

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-384

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201512-384

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006319

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:APPLE-SA-2015-12-08-2 tvOS 9.1url:http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html
Trust: 0.8
title:APPLE-SA-2015-12-08-5 Safari 9.0.2url:http://lists.apple.com/archives/security-announce/2015/Dec/msg00003.html
Trust: 0.8
title:APPLE-SA-2015-12-11-1 iTunes 12.3.2url:http://lists.apple.com/archives/security-announce/2015/Dec/msg00006.html
Trust: 0.8
title:HT205640url:https://support.apple.com/en-us/HT205640
Trust: 0.8
title:HT205639url:https://support.apple.com/en-us/HT205639
Trust: 0.8
title:HT205636url:https://support.apple.com/en-us/HT205636
Trust: 0.8
title:HT205636url:http://support.apple.com/ja-jp/HT205636
Trust: 0.8
title:HT205640url:http://support.apple.com/ja-jp/HT205640
Trust: 0.8
title:HT205639url:http://support.apple.com/ja-jp/HT205639
Trust: 0.8
title:Apple Safari  and tvOS WebKit Buffer Overflow Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59202
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-006319 // 
            
            
            
            CNNVD: CNNVD-201512-384

EXTERNAL IDS
db:NVDid:CVE-2015-7104
Trust: 3.0
db:BIDid:78726
Trust: 2.0
db:SECTRACKid:1034341
Trust: 1.7
db:JVNid:JVNVU97526033
Trust: 0.8
db:JVNDBid:JVNDB-2015-006319
Trust: 0.8
db:CNNVDid:CNNVD-201512-384
Trust: 0.7
db:VULHUBid:VHN-85065
Trust: 0.1
db:PACKETSTORMid:134792
Trust: 0.1
db:PACKETSTORMid:134746
Trust: 0.1
sources:
            
            
            VULHUB: VHN-85065 // 
            
            
            
            BID: 78726 // 
            
            
            
            JVNDB: JVNDB-2015-006319 // 
            
            
            
            PACKETSTORM: 134792 // 
            
            
            
            PACKETSTORM: 134746 // 
            
            
            
            CNNVD: CNNVD-201512-384 // 
            
            
            
            NVD: CVE-2015-7104

REFERENCES
url:http://lists.apple.com/archives/security-announce/2015/dec/msg00001.html
Trust: 1.7
url:http://lists.apple.com/archives/security-announce/2015/dec/msg00003.html
Trust: 1.7
url:http://www.securityfocus.com/bid/78726
Trust: 1.7
url:https://support.apple.com/ht205639
Trust: 1.7
url:https://support.apple.com/ht205640
Trust: 1.7
url:https://support.apple.com/kb/ht205636
Trust: 1.7
url:http://www.securitytracker.com/id/1034341
Trust: 1.7
url:http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7104
Trust: 0.8
url:http://jvn.jp/vu/jvnvu97526033/
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7104
Trust: 0.8
url:https://www.apple.com/
Trust: 0.3
url:http://www.webkit.org/
Trust: 0.3
url:http://webkitgtk.org/security/wsa-2015-0002.html
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2015-7100
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2015-7095
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2015-7050
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2015-7097
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2015-7102
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2015-7103
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2015-7098
Trust: 0.2
url:https://gpgtools.org
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2015-7104
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2015-7099
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2015-7101
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2015-7096
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2015-7048
Trust: 0.2
url:https://support.apple.com/kb/ht201222
Trust: 0.1
url:https://www.apple.com/support/security/pgp/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-85065 // 
            
            
            
            BID: 78726 // 
            
            
            
            JVNDB: JVNDB-2015-006319 // 
            
            
            
            PACKETSTORM: 134792 // 
            
            
            
            PACKETSTORM: 134746 // 
            
            
            
            CNNVD: CNNVD-201512-384 // 
            
            
            
            NVD: CVE-2015-7104

CREDITS
Apple
Trust: 0.5
sources:
            
            
            BID: 78726 // 
            
            
            
            PACKETSTORM: 134792 // 
            
            
            
            PACKETSTORM: 134746

SOURCES
db:VULHUBid:VHN-85065
db:BIDid:78726
db:JVNDBid:JVNDB-2015-006319
db:PACKETSTORMid:134792
db:PACKETSTORMid:134746
db:CNNVDid:CNNVD-201512-384
db:NVDid:CVE-2015-7104

LAST UPDATE DATE
2025-04-13T22:00:05.333000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-85065date:2019-03-08T00:00:00
db:BIDid:78726date:2016-02-02T20:04:00
db:JVNDBid:JVNDB-2015-006319date:2015-12-15T00:00:00
db:CNNVDid:CNNVD-201512-384date:2019-03-13T00:00:00
db:NVDid:CVE-2015-7104date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-85065date:2015-12-11T00:00:00
db:BIDid:78726date:2015-12-08T00:00:00
db:JVNDBid:JVNDB-2015-006319date:2015-12-15T00:00:00
db:PACKETSTORMid:134792date:2015-12-12T18:22:22
db:PACKETSTORMid:134746date:2015-12-10T17:09:58
db:CNNVDid:CNNVD-201512-384date:2015-12-14T00:00:00
db:NVDid:CVE-2015-7104date:2015-12-11T12:00:01.693