CVE-2015-1128 — Sensitive Information Exposure in Apple Safari

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 46.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari Apple Safari 8.0.5 Safari 7.1.5 AND Safari

Timeline

PublishedApr 10

Latest updateMay 17

Description

The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 allows attackers to obtain sensitive browsing-history information via vectors involving push-notification requests.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDapple/safari6.2.4+17

▶Appleapple/safari_8.0.5_safari_7.1.5_and_safari6.2.5

🔴Vulnerability Details

GHSA

GHSA-7cw6-hg99-xjmj: The private-browsing implementation in Apple Safari before 6↗2022-05-17

▶

📋Vendor Advisories

Apple

CVE-2015-1128: Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5↗

▶