CVE-2015-9231

Published Sep 20, 2017

Last updated 7 years ago

CVSS high 7.5

Overview

Description: iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. A new (default) feature was added to iTerm2 version 3.0.0 (and unreleased 2.9.x versions such as 2.9.20150717) that resulted in a potential information disclosure. In an attempt to see whether the text under the cursor (or selected text) was a URL, the text would be sent as an unencrypted DNS query. This has the potential to result in passwords and other sensitive information being sent in cleartext without the user being aware.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:2.9.20151111:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D541D5B3-E66F-4C35-877C-8B171B6BF256"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:2.9.20151229:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A1F6681-3CD0-42BD-92C6-81D76BFC1275"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:2.9.20160102:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDEC933C-D7D1-4D18-9611-8A07071BD2B8"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:2.9.20160113:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45C28CA6-C843-408F-8524-098B26981AA4"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:2.9.20160206:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90CC7A9C-2BF8-44B7-A8AE-E2C0D452C474"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:2.9.20160313:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A4F0136-FB99-4951-B246-498A7501134E"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:2.9.20160422:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6798E204-DF84-4911-82CE-A87CA7A6D62E"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:2.9.20160426:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB9179C2-0AB5-4E26-9D4A-98AA9C271A82"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:2.9.20160510:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A21448D-CF4A-4EC9-B154-5E05EC49A88A"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:2.9.20160523:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "967F6537-D0FA-4AFB-BE1A-CFDD95755C8C"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77FE4017-BEC1-417B-AFEA-79CB2629A090"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.0.0:preview:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E10C2E76-3DDB-4B33-BE36-4DC537439A07"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.0.1:preview:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "850DCE9E-5A29-4878-8820-E97F54E434EF"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5533F002-4138-4C1F-A2BE-2AB87A825278"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45A81082-568B-4700-985B-49443277655A"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3B51E61-58AC-4A18-B34A-82FC6BAF5D12"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AB81CA9-3B12-4446-9CE2-0E8E72F816EC"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A50C85F-782E-43E1-A12C-F9B491086792"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E64E03B-3752-4D80-9DAE-227222EE53C3"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A7A7F88-B785-4D00-A6C1-ED974CA14127"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.0.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14898C43-C43F-4704-943E-998E699392AD"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.0.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7966560-0C38-4154-AF67-DFAD114886FA"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.0.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "805896B0-57C0-4102-87D9-9746D48C623D"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.0.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B233D0E-3FBB-4859-905F-62FBD2A3B936"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.0.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "205A29E1-6E96-4BCF-B9E9-8FFD1B8AFE50"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.0.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5C28CBC-8D90-4C84-B461-876256A123D9"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.0.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "614CA11F-13FF-47DE-B0DE-480C252A9498"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.0.20160531:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5894EE5A-FB88-4C81-B34D-751FF0B42B83"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D292B9F-F988-498C-9D89-B3493C95E41F"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.1.0:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80258385-2E5C-4D0E-9BAD-F2BE332D7782"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.1.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02DEB069-F8F0-4A2E-9B22-2E9551CD5F9A"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.1.0:beta10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3B134C1-6C41-45F7-B9A5-1D2D9926B3AE"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.1.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A37BE0F6-328F-48CF-85ED-540AB8ED186A"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.1.0:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19251F95-8539-44B1-B510-B805A746AE09"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.1.0:beta4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B662018-34F8-42D7-8033-CB1E33880F50"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.1.0:beta5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "109E96A3-1C7D-4CBB-8B12-E83608228F14"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.1.0:beta6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CD1F432-90F0-47E3-83EE-D14793BD143D"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.1.0:beta7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9663ACF-1DF0-4CF4-AF30-FE5DDEE37C54"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.1.0:beta8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3A17E01-FE71-4ACB-A927-6F6B7AD0F078"
          },
          {
            "criteria": "cpe:2.3:a:iterm2:iterm2:3.1.0:beta9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA28FE8A-1EE8-46F4-A83C-50D3A4AB744D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References