CVE-2015-1126

WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.

Published: Apr 10, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-1126
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
apple / iphone_os	-	8.2.x
apple / safari	7.0.1	7.0.1.x
apple / safari	8.0.2	8.0.2.x
apple / safari	8.0.1	8.0.1.x
apple / safari	7.0.3	7.0.3.x
apple / safari	7.0.4	7.0.4.x
apple / safari	7.1.0	7.1.0.x
apple / safari	-	6.2.4.x
apple / safari	8.0.0	8.0.0.x
apple / safari	7.0.5	7.0.5.x
apple / safari	7.0.6	7.0.6.x
apple / safari	7.1.3	7.1.3.x
apple / safari	7.1.1	7.1.1.x
apple / safari	7.0	7.0.x
apple / safari	7.1.4	7.1.4.x
apple / safari	8.0.3	8.0.3.x
apple / safari	8.0.4	8.0.4.x
apple / safari	7.1.2	7.1.2.x
apple / safari	7.0.2	7.0.2.x

http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html
http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html
http://www.securitytracker.com/id/1032047
https://support.apple.com/HT204658
https://support.apple.com/HT204661

Vulnerability Database

CVE-2015-1126

Deep Security Visibility Without the Complexity