CVE-2015-3727 — Apple Iphone OS vulnerability

CWE-2646 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

0.9%

top 23.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Webkitgtk Apple Iphone OS Apple MAC OS X +3 more

Timeline

PublishedJul 3

Latest updateMay 17

Description

WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages6 packages

▶NVDapple/safari6.2.6+21

▶Appleapple/safari_8.0.7_safari_7.1.7_and_safari6.2.7

▶NVDapple/mac_os_x10.10.3

▶NVDapple/iphone_os8.3

▶Appleapple/ios8.4

🔴Vulnerability Details

GHSA

GHSA-7f26-wwp8-67rw: WebKit in Apple Safari before 6↗2022-05-17

▶

OSV

CVE-2015-3727: WebKit in Apple Safari before 6↗2015-07-02

▶

📋Vendor Advisories

Ubuntu

WebKitGTK+ vulnerabilities↗2016-03-21

▶

Apple

CVE-2015-3727: iOS 8.4↗

▶

Apple

CVE-2015-3727: Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7↗

▶