CVE-2015-1127 — Sensitive Information Exposure in Apple Safari

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 65.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Webkitgtk Apple Safari Apple Safari 8.0.5 Safari 7.1.5 AND Safari

Timeline

PublishedApr 10

Latest updateMay 17

Description

The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶NVDapple/safari6.2.4+17

▶Appleapple/safari_8.0.5_safari_7.1.5_and_safari6.2.5

▶Ubuntuwebkitgtk/webkitgtk< 2.4.10-0ubuntu0.14.04.1+1

🔴Vulnerability Details

GHSA

GHSA-m4rh-v8rf-pc3c: The private-browsing implementation in WebKit in Apple Safari before 6↗2022-05-17

▶

OSV

CVE-2015-1127: The private-browsing implementation in WebKit in Apple Safari before 6↗2015-04-10

▶

📋Vendor Advisories

Ubuntu

WebKitGTK+ vulnerabilities↗2016-03-21

▶

Apple

CVE-2015-1127: Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5↗

▶