CVE-2015-1129

Published Apr 10, 2015

Last updated 3 months ago

CVSS info 4.3

Overview

Description: Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.
Source: product-security@apple.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-310

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED0C640E-6836-4C93-BBB3-84B61E5EBB7B",
            "versionEndIncluding": "8.4.1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E082F5D0-4261-4D84-8E4C-9D425028BFDA",
            "versionEndIncluding": "6.2.4"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88D46FE5-10D2-44A0-ACAE-CEED8BD0C30C"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "391B4255-4434-4EB3-929B-3E593D9CD249"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40B87D10-55B3-42E7-8FF6-93EDF003337D"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D4EBCD8-9DD5-468E-8B5B-49E38FEBCEC2"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B8C7AEC-F54A-4843-A0EA-C7DD847BEF5B"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49457917-495E-4D17-A0AB-D2A163D4721D"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CCADCE6-92F3-4A30-AA29-4E3394C1A3CF"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E74D3F4B-111E-4F51-ACB4-6725C4BF8DB6"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:7.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "223B13DA-9328-46C2-8426-3182D55E6669"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:7.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD636DF3-E590-4603-9D18-CC2375A97750"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:7.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0F8336F-D0F8-4337-9DF6-51B60F8A2E9B"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:7.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "79C2EF49-A9F0-4612-903A-A3A95805277E"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:8.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "845A67F0-7BE6-482C-AE49-D8E9B272BA6C"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:8.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB1C61F7-BAF4-4061-8B1A-D7F8D597F2D5"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:8.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A5C7D83-EA9E-4E26-910D-8471252723EF"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:8.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE29EE2D-9EA8-4486-BC3F-B0CCF9C396F6"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:8.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FDB5E2A-F3BD-4500-922E-A191C45DE93C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References