CVE-2015-1128 : The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1

The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 allows attackers to obtain sensitive browsing-history information via vectors involving push-notification requests.

Published 2015-04-10 14:59:41

Updated 2015-09-11 17:58:21

Source Apple Inc.

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2015-1128

Apple » Safari
Versions up to, including, (<=) 6.2.4
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 7.0
cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 7.0.2
cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 7.0.1
cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 7.0.3
cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 7.0.4
cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 7.0.5
cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 8.0.2
cpe:2.3:a:apple:safari:8.0.2:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 7.1.2
cpe:2.3:a:apple:safari:7.1.2:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 7.0.6
cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 7.1.0
cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 8.0.0
cpe:2.3:a:apple:safari:8.0.0:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 8.0.1
cpe:2.3:a:apple:safari:8.0.1:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 7.1.1
cpe:2.3:a:apple:safari:7.1.1:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 8.0.3
cpe:2.3:a:apple:safari:8.0.3:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 7.1.3
cpe:2.3:a:apple:safari:7.1.3:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 7.1.4
cpe:2.3:a:apple:safari:7.1.4:*:*:*:*:*:*:*
Matching versions
Apple » Safari » Version: 8.0.4
cpe:2.3:a:apple:safari:8.0.4:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-1128

EPSS FAQ

0.43%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 60 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-1128

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2015-1128

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-1128

http://www.securitytracker.com/id/1032047

Apple Safari Multiple Bugs Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information - SecurityTracker

CVEs referencing this url
https://support.apple.com/HT204658

About the security content of Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 - Apple Support
Vendor Advisory

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html

Apple - Lists.apple.com
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2015-1128

Products affected by CVE-2015-1128

Exploit prediction scoring system (EPSS) score for CVE-2015-1128

CVSS scores for CVE-2015-1128

CWE ids for CVE-2015-1128

References for CVE-2015-1128