CVE-2015-7013 - Vulnerability Details - OpenCVE

WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Iphone Os Itunes Mac Os X

Configuration 1 [-]

OR	cpe:2.3:a:apple:itunes::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:mac_os_x::::::::

No data.

References

Link	Providers
http://lists.apple.com/archives/security-announce/2015/Oct/msg00004.html
http://lists.apple.com/archives/security-announce/2015/Oct/msg00006.html
http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html
http://www.securityfocus.com/bid/77264
http://www.securitytracker.com/id/1033939
https://support.apple.com/HT205372
https://support.apple.com/HT205377

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2015-10-23T21:00:00

Updated: 2024-08-06T07:36:35.255Z

Reserved: 2015-09-16T00:00:00

Link: CVE-2015-7013

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2015-10-23T21:59:48.003

Modified: 2025-04-12T10:46:40.837

Link: CVE-2015-7013

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-10-21T00:00:00", "descriptions": [{"lang": "en", "value": "WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-22T18:57:01", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"name": "77264", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/77264"}, {"name": "openSUSE-SU-2016:0761", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT205372"}, {"name": "APPLE-SA-2015-10-21-3", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00004.html"}, {"name": "APPLE-SA-2015-10-21-5", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00006.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT205377"}, {"name": "1033939", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1033939"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2015-7013", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "77264", "refsource": "BID", "url": "http://www.securityfocus.com/bid/77264"}, {"name": "openSUSE-SU-2016:0761", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html"}, {"name": "https://support.apple.com/HT205372", "refsource": "CONFIRM", "url": "https://support.apple.com/HT205372"}, {"name": "APPLE-SA-2015-10-21-3", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00004.html"}, {"name": "APPLE-SA-2015-10-21-5", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00006.html"}, {"name": "https://support.apple.com/HT205377", "refsource": "CONFIRM", "url": "https://support.apple.com/HT205377"}, {"name": "1033939", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033939"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:36:35.255Z"}, "title": "CVE Program Container", "references": [{"name": "77264", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/77264"}, {"name": "openSUSE-SU-2016:0761", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT205372"}, {"name": "APPLE-SA-2015-10-21-3", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00004.html"}, {"name": "APPLE-SA-2015-10-21-5", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00006.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT205377"}, {"name": "1033939", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1033939"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2015-7013", "datePublished": "2015-10-23T21:00:00", "dateReserved": "2015-09-16T00:00:00", "dateUpdated": "2024-08-06T07:36:35.255Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDFDD01C-BE8A-4C53-A3B1-EC24B7097A74", "versionEndIncluding": "12.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "80183356-E606-44CE-A2FB-584154EA6B7E", "versionEndIncluding": "9.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "82D0EE4D-4866-43A3-89B5-6C9BBD839493", "versionEndIncluding": "10.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5."}, {"lang": "es", "value": "WebKit, como se utiliza en Apple Safari en versiones anteriores a 9.0.1 y iTunes en versiones anteriores a 12.3.1, permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un sitio web manipulado, una vulnerabilidad diferente a los CVEs WebKit listados en APPLE-SA-2015-10-21-3 y APPLE-SA-2015-10-21-5."}], "id": "CVE-2015-7013", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-10-23T21:59:48.003", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00004.html"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00006.html"}, {"source": "product-security@apple.com", "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html"}, {"source": "product-security@apple.com", "url": "http://www.securityfocus.com/bid/77264"}, {"source": "product-security@apple.com", "url": "http://www.securitytracker.com/id/1033939"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT205372"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT205377"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/77264"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1033939"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT205372"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT205377"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}