CVE-2015-1092 — XML External Entity (XXE) Injection in Apple Iphone OS

6 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.8%

top 25.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple Tvos Apple TV +2 more

Timeline

PublishedApr 10

Latest updateMay 14

Description

NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

▶NVDapple/tvos7.1

▶NVDapple/iphone_os8.2

▶Appleapple/ios8.3

▶Appleapple/apple_tv7.2

▶Appleapple/watch_os1.0.1

🔴Vulnerability Details

GHSA

GHSA-jpw3-r754-qmfw: NSXMLParser in Foundation in Apple iOS before 8↗2022-05-14

▶

📋Vendor Advisories

Apple

CVE-2015-1092: Watch OS 1.0.1↗

▶

Apple

CVE-2015-1092: Apple TV 7.2↗

▶

Apple

CVE-2015-1092: iOS 8.3↗

▶

💬Community

Bugzilla

CVE-2015-4053 ceph-deploy admin command copies keyring file to /etc/ceph which is world readable↗2015-05-22

▶