Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-1155 — Apple Iphone OS vulnerability

CWE-2647 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

67.9%

top 1.41%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Webkitgtk Apple Iphone OS Apple Safari +2 more

Timeline

PublishedMay 8

Latest updateMay 17

Description

The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages5 packages

▶NVDapple/safari6.2.5+19

▶Appleapple/safari_8.0.6_safari_7.1.6_and_safari6.2.6

▶Ubuntuwebkitgtk/webkitgtk< 2.4.10-0ubuntu0.14.04.1+1

▶NVDapple/iphone_os8.3

▶Appleapple/ios8.4

🔴Vulnerability Details

GHSA

GHSA-ff67-8gvg-mp8f: The history implementation in WebKit, as used in Apple Safari before 6↗2022-05-17

▶

OSV

CVE-2015-1155: The history implementation in WebKit, as used in Apple Safari before 6↗2015-05-07

▶

💥Exploits & PoCs

Metasploit

Mac OS X Safari file:// Redirection Sandbox Escape↗

▶

📋Vendor Advisories

Ubuntu

WebKitGTK+ vulnerabilities↗2016-03-21

▶

Apple

CVE-2015-1155: Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6↗

▶

Apple

CVE-2015-1155: iOS 8.4↗

▶