CVE-2015-1126
published 2015-04-10CVE-2015-1126: WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in…
PriorityP337medium4.3CVSS 2.0
AVNACMAuNCPINAN
EXPLOIT
EPSS
9.96%
95.0th percentile
WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | <= 8.2 | — |
| apple | safari | <= 6.2.4 | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari_8.0.5_safari_7.1.5_and_safari | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →The vulnerability allows theft of non-HTTPOnly cookies from any domain via malicious FTP URLs with crafted userinfo fields in Safari/WebKit ↗
- →A Metasploit auxiliary module exists for this CVE targeting cookie theft via FTP URL abuse in Safari on OSX, iOS, and Windows ↗
- →Exploitation vector is via the userinfo field in FTP URLs processed by WebKit; monitor for FTP scheme URLs containing userinfo (user:pass@) segments delivered to Safari clients ↗
- ·Only non-HTTPOnly cookies are at risk; cookies set with the HttpOnly flag are not affected by this vulnerability ↗
- ·Affected versions are iOS before 8.3 and Safari before 6.2.5, 7.1.5, and 8.0.5; patches were released April 8, 2015 ↗
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
osv4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-r4c3-86wx-hvpp: WebKit, as used in Apple iOS before 8
ghsa_unreviewed·2022-05-17
CVE-2015-1126 [MEDIUM] CWE-20 GHSA-r4c3-86wx-hvpp: WebKit, as used in Apple iOS before 8
WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.
OSV
CVE-2015-1126: WebKit, as used in Apple iOS before 8
osv·2015-04-10·CVSS 4.3
CVE-2015-1126 [MEDIUM] CVE-2015-1126: WebKit, as used in Apple iOS before 8
WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.
Apple
CVE-2015-1126: iOS 8.3
vendor_apple·CVSS 4.3
CVE-2015-1126 [MEDIUM] CVE-2015-1126: iOS 8.3
Apple Security Update: About the security content of iOS 8.3
Product: iOS
Version: 8.3
CVE: CVE-2015-1126
Component: CVE-ID
Apple
CVE-2015-1126: Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5
vendor_apple·CVSS 4.3
CVE-2015-1126 [MEDIUM] CVE-2015-1126: Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5
Apple Security Update: About the security content of Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5
Product: Safari 8.0.5, Safari 7.1.5, and Safari
Version: 6.2.5
CVE: CVE-2015-1126
Component: CVE-ID
No detection rules found.
Exploit-DB
Foxit Reader 7.0.6.1126 - Unquoted Service Path Privilege Escalation
exploitdb·2015-03-16
CVE-2015-2789 Foxit Reader 7.0.6.1126 - Unquoted Service Path Privilege Escalation
Foxit Reader 7.0.6.1126 - Unquoted Service Path Privilege Escalation
---
Foxit Reader 7.0.6.1126 Unquoted Service Path Elevation Of Privilege
Vendor: Foxit Software Incorporated
Product web page: http://www.foxitsoftware.com
Affected version: 7.0.6.1126 and 6.1
Summary: Foxit Reader is a small, lightning fast, and feature rich PDF
viewer which allows you to create (free PDF creation), open, view, sign,
and print any PDF file.
Desc: The application suffers from an unquoted search path issue impacting
the service 'FoxitCloudUpdateService' for Windows deployed as part of Foxit
Reader. This could potentially allow an authorized but non-privileged local
user to execute arbitrary code with elevated privileges on the system. A
successful attempt would require the local user to be able to
Metasploit
Apple OSX/iOS/Windows Safari Non-HTTPOnly Cookie Theft
metasploit
Apple OSX/iOS/Windows Safari Non-HTTPOnly Cookie Theft
Apple OSX/iOS/Windows Safari Non-HTTPOnly Cookie Theft
A vulnerability exists in versions of OSX, iOS, and Windows Safari released before April 8, 2015 that allows the non-HTTPOnly cookies of any domain to be stolen.
No writeups or analysis indexed.
http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.htmlhttp://lists.apple.com/archives/security-announce/2015/Apr/msg00002.htmlhttp://www.securitytracker.com/id/1032047https://support.apple.com/HT204658https://support.apple.com/HT204661http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.htmlhttp://lists.apple.com/archives/security-announce/2015/Apr/msg00002.htmlhttp://www.securitytracker.com/id/1032047https://support.apple.com/HT204658https://support.apple.com/HT204661
2015-04-10
Published