CVE-2015-5920
published 2015-09-18CVE-2015-5920: The Software Update component in Apple iTunes before 12.3 does not properly handle redirection, which allows man-in-the-middle attackers to discover encrypted…
medium4.3CVSS 3.1
AVNACMAuNCPINAN
The Software Update component in Apple iTunes before 12.3 does not properly handle redirection, which allows man-in-the-middle attackers to discover encrypted SMB credentials via unspecified vectors.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | itunes | <= 12.2 | — |
| apple | itunes | — | — |
Apple
CVE-2015-5920: iTunes 12.3
vendor_apple·CVSS 4.3
CVE-2015-5920 [MEDIUM] CVE-2015-5920: iTunes 12.3
Apple Security Update: About the security content of iTunes 12.3
Product: iTunes
Version: 12.3
CVE: CVE-2015-5920
Component: CVE-ID
GHSA
GHSA-wv3h-xgxp-x2j3: The Software Update component in Apple iTunes before 12
ghsa_unreviewed·2022-05-17
CVE-2015-5920 [MEDIUM] GHSA-wv3h-xgxp-x2j3: The Software Update component in Apple iTunes before 12
The Software Update component in Apple iTunes before 12.3 does not properly handle redirection, which allows man-in-the-middle attackers to discover encrypted SMB credentials via unspecified vectors.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2015-09-18
Published