ID CVE-2015-5920
Summary The Software Update component in Apple iTunes before 12.3 does not properly handle redirection, which allows man-in-the-middle attackers to discover encrypted SMB credentials via unspecified vectors.
References
Vulnerable Configurations
  • Apple iTunes 12.2
    cpe:2.3:a:apple:itunes:12.2
CVSS
Base: 4.3 (as of 22-09-2015 - 09:12)
Impact:
Exploitability:
Access
Vector Complexity Authentication
NETWORK MEDIUM NONE
Impact
Confidentiality Integrity Availability
PARTIAL NONE NONE
nessus via4
  • NASL family Peer-To-Peer File Sharing
    NASL id ITUNES_12_3_0_BANNER.NASL
    description The version of Apple iTunes running on the remote host is prior to 12.3. It is, therefore, affected by multiple vulnerabilities in the WebKit, CoreText, and ICU components, and in the bundled version of the Microsoft Visual Studio C++ Redistributable Package. An attacker can exploit these vulnerabilities to cause a denial of service, execute arbitrary code, or gain access to encrypted SMB credentials. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 86601
    published 2015-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86601
    title Apple iTunes < 12.3 Multiple Vulnerabilities (uncredentialed check)
  • NASL family Windows
    NASL id ITUNES_12_3_0.NASL
    description The version of Apple iTunes installed on the remote Windows host is prior to 12.3. It is, therefore, affected by multiple vulnerabilities in the bundled versions of WebKit, CoreText, the Microsoft Visual Studio C++ Redistributable Package, and ICU. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 86001
    published 2015-09-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86001
    title Apple iTunes < 12.3 Multiple Vulnerabilities (credentialed check)
refmap via4
apple APPLE-SA-2015-09-16-3
confirm https://support.apple.com/HT205221
sectrack 1033617
Last major update 21-12-2016 - 22:00
Published 18-09-2015 - 08:00