cbcvebase.
CVE-2015-1126
published 2015-04-10

CVE-2015-1126: WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in…

PriorityP337medium4.3CVSS 2.0
AVNACMAuNCPINAN
EXPLOIT
EPSS
9.96%
95.0th percentile
WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.

Affected

21 ranges
VendorProductVersion rangeFixed in
appleios
appleiphone_os<= 8.2
applesafari<= 6.2.4
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari
applesafari_8.0.5_safari_7.1.5_and_safari

Detection & IOCsextracted from sources · hover to see the quote

  • The vulnerability allows theft of non-HTTPOnly cookies from any domain via malicious FTP URLs with crafted userinfo fields in Safari/WebKit
  • A Metasploit auxiliary module exists for this CVE targeting cookie theft via FTP URL abuse in Safari on OSX, iOS, and Windows
  • Exploitation vector is via the userinfo field in FTP URLs processed by WebKit; monitor for FTP scheme URLs containing userinfo (user:pass@) segments delivered to Safari clients
  • ·Only non-HTTPOnly cookies are at risk; cookies set with the HttpOnly flag are not affected by this vulnerability
  • ·Affected versions are iOS before 8.3 and Safari before 6.2.5, 7.1.5, and 8.0.5; patches were released April 8, 2015

CVSS provenance

nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
osv4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.