Vulnerability Details : CVE-2015-1127

The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries.

Vulnerability category: Information leak

Published 2015-04-10 14:59:40

Updated 2016-12-03 03:03:06

Source Apple Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2015-1127

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-1127

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	nvd@nist.gov
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2015-1127

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-1127

http://www.securitytracker.com/id/1032047

Apple Safari Multiple Bugs Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information - SecurityTracker

CVEs referencing this url
https://support.apple.com/HT204658

About the security content of Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 - Apple Support
Vendor Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-2937-1

USN-2937-1: WebKitGTK+ vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html

openSUSE-SU-2016:0915-1: moderate: Security update for webkitgtk

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html

Apple - Lists.apple.com
Vendor Advisory

CVEs referencing this url

Products affected by CVE-2015-1127

Apple » Safari
Versions up to, including, (<=) 6.2.4
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 7.0
cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 7.0.2
cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 7.0.1
cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 7.0.3
cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 7.0.4
cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 7.0.5
cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 8.0.2
cpe:2.3:a:apple:safari:8.0.2:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 7.1.2
cpe:2.3:a:apple:safari:7.1.2:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 7.0.6
cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 7.1.0
cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 8.0.0
cpe:2.3:a:apple:safari:8.0.0:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 8.0.1
cpe:2.3:a:apple:safari:8.0.1:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 7.1.1
cpe:2.3:a:apple:safari:7.1.1:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 8.0.3
cpe:2.3:a:apple:safari:8.0.3:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 7.1.3
cpe:2.3:a:apple:safari:7.1.3:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 7.1.4
cpe:2.3:a:apple:safari:7.1.4:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 8.0.4
cpe:2.3:a:apple:safari:8.0.4:*:*:*:*:*:*:*
Matching versions