6.8

CVE-2015-3659

EPSS 1.11%
Veröffentlicht 03.07.2015 01:59:18
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle product-security@apple.com
Teams Watchlist Login
Unerledigt Login

The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ iPhone OS Version <= 8.3

Apple ≫ macOS X Version <= 10.10.3

Apple ≫ Safari Version <= 6.2.6

Apple ≫ Safari Version7.0

Apple ≫ Safari Version7.0.1

Apple ≫ Safari Version7.0.2

Apple ≫ Safari Version7.0.3

Apple ≫ Safari Version7.0.4

Apple ≫ Safari Version7.0.5

Apple ≫ Safari Version7.0.6

Apple ≫ Safari Version7.1.0

Apple ≫ Safari Version7.1.1

Apple ≫ Safari Version7.1.2

Apple ≫ Safari Version7.1.3

Apple ≫ Safari Version7.1.4

Apple ≫ Safari Version7.1.5

Apple ≫ Safari Version7.1.6

Apple ≫ Safari Version8.0

Apple ≫ Safari Version8.0.1

Apple ≫ Safari Version8.0.2

Apple ≫ Safari Version8.0.3

Apple ≫ Safari Version8.0.4

Apple ≫ Safari Version8.0.5

Apple ≫ Safari Version8.0.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.11%	0.772

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html

Vendor Advisory

http://support.apple.com/kb/HT204941

Vendor Advisory

http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html

http://www.ubuntu.com/usn/USN-2937-1

http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html

Vendor Advisory

http://support.apple.com/kb/HT204950

Vendor Advisory

http://www.securityfocus.com/bid/75492

http://www.securitytracker.com/id/1032754

https://nvd.nist.gov/vuln/detail/CVE-2015-3659

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-3659

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-3659

EUVD