CVE-2015-1092

Опубликовано: 10 апр. 2015

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Комментарий

CWE-611: Improper Restriction of XML External Entity Reference ('XXE')

Ссылки

http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html
Vendor Advisory
http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html
Vendor Advisory
http://www.securityfocus.com/bid/73983
http://www.securitytracker.com/id/1032050
https://support.apple.com/HT204661
Vendor Advisory
https://support.apple.com/HT204662
Vendor Advisory
https://support.apple.com/kb/HT204870
http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html
Vendor Advisory
http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html
Vendor Advisory
http://www.securityfocus.com/bid/73983
http://www.securitytracker.com/id/1032050
https://support.apple.com/HT204661
Vendor Advisory
https://support.apple.com/HT204662
Vendor Advisory
https://support.apple.com/kb/HT204870

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

Версия до 7.1 (включая)

Конфигурация 2

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия до 8.2 (включая)

EPSS

Процентиль: 74%

0.00823

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-jpw3-r754-qmfw

github

больше 3 лет назад