CVE-2015-3727

Sažetak

WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site.

Reference

http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html
http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html
http://support.apple.com/kb/HT204941
http://support.apple.com/kb/HT204950
http://www.securityfocus.com/bid/75492
http://www.securitytracker.com/id/1032754
http://www.ubuntu.com/usn/USN-2937-1

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

28-12-2016 - 02:59

Objavljeno

03-07-2015 - 02:00