WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.
References
Link | Resource |
---|---|
https://support.apple.com/HT204658 | Vendor Advisory |
http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html | Vendor Advisory |
http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html | Vendor Advisory |
https://support.apple.com/HT204661 | Vendor Advisory |
http://www.securitytracker.com/id/1032047 |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Information
Published : 2015-04-10 07:59
Updated : 2015-09-11 10:57
NVD link : CVE-2015-1126
Mitre link : CVE-2015-1126
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
apple
- iphone_os
- safari