cvelistv5 - CVE-2015-1067

CVE-2015-1067 (GCVE-0-2015-1067)

Vulnerability from cvelistv5

Published

2015-03-11 01:00

Modified

2024-08-06 04:33

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

CERTFR-2015-AVI-092

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	OS X Mavericks
Apple	N/A	Apple TV
Apple	N/A	OS X Moutain Lion
Apple	N/A	OS X Yosemite
Apple	N/A	iOS 8.2
Apple	N/A	Xcode 6.2

References

Title

Publication Time

ghsa-2cqr-v8j2-59fq

Vulnerability from github

Published

2022-05-14 01:25

Modified

2025-04-12 12:46

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-1067"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-03-11T01:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637.",
  "id": "GHSA-2cqr-v8j2-59fq",
  "modified": "2025-04-12T12:46:02Z",
  "published": "2022-05-14T01:25:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1067"
    },
    {
      "type": "WEB",
      "url": "https://freakattack.com"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT204413"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT204423"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT204426"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT204659"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT204870"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/73009"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1031829"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1031830"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2015-1067

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2015-1067

Aliases

CVE-2015-1067

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-1067",
    "description": "Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637.",
    "id": "GSD-2015-1067"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-1067"
      ],
      "details": "Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637.",
      "id": "GSD-2015-1067",
      "modified": "2023-12-13T01:20:05.345180Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2015-1067",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "73009",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/73009"
          },
          {
            "name": "https://support.apple.com/HT204659",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT204659"
          },
          {
            "name": "https://support.apple.com/kb/HT204870",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT204870"
          },
          {
            "name": "APPLE-SA-2015-03-09-2",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
          },
          {
            "name": "1031829",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1031829"
          },
          {
            "name": "1031830",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1031830"
          },
          {
            "name": "APPLE-SA-2015-03-09-3",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
          },
          {
            "name": "https://support.apple.com/HT204426",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT204426"
          },
          {
            "name": "https://freakattack.com/",
            "refsource": "MISC",
            "url": "https://freakattack.com/"
          },
          {
            "name": "https://support.apple.com/HT204413",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT204413"
          },
          {
            "name": "APPLE-SA-2015-04-08-2",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
          },
          {
            "name": "APPLE-SA-2015-03-09-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
          },
          {
            "name": "https://support.apple.com/HT204423",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT204423"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.10.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.1.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2015-1067"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-310"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT204426",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT204426"
            },
            {
              "name": "https://support.apple.com/HT204423",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT204423"
            },
            {
              "name": "APPLE-SA-2015-03-09-3",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
            },
            {
              "name": "APPLE-SA-2015-03-09-2",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
            },
            {
              "name": "https://support.apple.com/HT204413",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT204413"
            },
            {
              "name": "https://freakattack.com/",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "https://freakattack.com/"
            },
            {
              "name": "APPLE-SA-2015-03-09-1",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
            },
            {
              "name": "1031829",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1031829"
            },
            {
              "name": "1031830",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1031830"
            },
            {
              "name": "https://support.apple.com/HT204659",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT204659"
            },
            {
              "name": "APPLE-SA-2015-04-08-2",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
            },
            {
              "name": "https://support.apple.com/kb/HT204870",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.apple.com/kb/HT204870"
            },
            {
              "name": "73009",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/73009"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2019-03-08T16:06Z",
      "publishedDate": "2015-03-11T01:59Z"
    }
  }
}

fkie_cve-2015-1067

Vulnerability from fkie_nvd

Published

2015-03-11 01:59

Modified

2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html	Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html	Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html	Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html	Vendor Advisory
product-security@apple.com	http://www.securityfocus.com/bid/73009
product-security@apple.com	http://www.securitytracker.com/id/1031829	Third Party Advisory, VDB Entry
product-security@apple.com	http://www.securitytracker.com/id/1031830	Third Party Advisory, VDB Entry
product-security@apple.com	https://freakattack.com/	Exploit
product-security@apple.com	https://support.apple.com/HT204413	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT204423	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT204426	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT204659	Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT204870
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/73009
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031829	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031830	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://freakattack.com/	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT204413	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT204423	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT204426	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT204659	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT204870

Impacted products

Vendor	Product	Version
apple	mac_os_x	*
apple	tvos	*
apple	iphone_os	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "045D7827-3EB8-43A1-AC80-9C94C395D364",
              "versionEndIncluding": "10.10.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5715DF19-503E-4397-A127-3FA66AACE0BF",
              "versionEndIncluding": "7.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51E778E9-865E-410F-98FE-25E2D898BA71",
              "versionEndIncluding": "8.1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637."
    },
    {
      "lang": "es",
      "value": "Secure Transport en Apple iOS anterior a 8.2, Apple OS X hasta 10.10.2, y Apple TV anterior a 7.1 no restringe correctamente las transiciones de estados TLS, lo que facilita a atacantes remotos realizar ataques de la degradaci\u00f3n del cifrado en los cifrados EXPORT_RSA a trav\u00e9s de trafico TLS manipulado, relacionado con el problema \u0027FREAK\u0027, una vulnerabilidad diferente a CVE-2015-0204 y CVE-2015-1637."
    }
  ],
  "id": "CVE-2015-1067",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-03-11T01:59:00.063",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securityfocus.com/bid/73009"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1031829"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1031830"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://freakattack.com/"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204413"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204423"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204426"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204659"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://support.apple.com/kb/HT204870"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/73009"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1031829"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1031830"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://freakattack.com/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204413"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204426"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT204659"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/kb/HT204870"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cnvd-2015-01647

Vulnerability from cnvd

Title

多款Apple产品Secure Transport存在未明漏洞

Description

Apple iOS、Apple TV和Apple OS X都是美国苹果（Apple）公司的产品。Apple iOS是为移动设备所开发的一套操作系统；Apple TV是一款高清电视机顶盒产品；Apple OS X是为Mac计算机所开发的一套专用操作系统。多款Apple产品的Secure Transport中存在安全漏洞，该漏洞源于程序未能正确限制TLS状态的转换。远程攻击者可借助特制的TLS流量利用该漏洞对EXPORT_RSA密码实施cipher-downgrade攻击。

Severity

中

Patch Name

多款Apple产品Secure Transport存在未明漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://support.apple.com/en-us/HT204426

Reference

https://support.apple.com/HT204423

Impacted products

Name
['Apple OS X <10.10.2', 'Apple IOS <8.2', 'Apple TV <7.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-1067"
    }
  },
  "description": "Apple iOS\u3001Apple TV\u548cApple OS X\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\uff1bApple TV\u662f\u4e00\u6b3e\u9ad8\u6e05\u7535\u89c6\u673a\u9876\u76d2\u4ea7\u54c1\uff1bApple OS X\u662f\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e00\u5957\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\n\u591a\u6b3eApple\u4ea7\u54c1\u7684Secure Transport\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9650\u5236TLS\u72b6\u6001\u7684\u8f6c\u6362\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684TLS\u6d41\u91cf\u5229\u7528\u8be5\u6f0f\u6d1e\u5bf9EXPORT_RSA\u5bc6\u7801\u5b9e\u65bdcipher-downgrade\u653b\u51fb\u3002",
  "discovererName": "Apple",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/en-us/HT204426",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-01647",
  "openTime": "2015-03-13",
  "patchDescription": "Apple iOS\u3001Apple TV\u548cApple OS X\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\uff1bApple TV\u662f\u4e00\u6b3e\u9ad8\u6e05\u7535\u89c6\u673a\u9876\u76d2\u4ea7\u54c1\uff1bApple OS X\u662f\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e00\u5957\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002\u591a\u6b3eApple\u4ea7\u54c1\u7684Secure Transport\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9650\u5236TLS\u72b6\u6001\u7684\u8f6c\u6362\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684TLS\u6d41\u91cf\u5229\u7528\u8be5\u6f0f\u6d1e\u5bf9EXPORT_RSA\u5bc6\u7801\u5b9e\u65bdcipher-downgrade\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eApple\u4ea7\u54c1Secure Transport\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple OS X \u003c10.10.2",
      "Apple IOS \u003c8.2",
      "Apple TV \u003c7.1"
    ]
  },
  "referenceLink": "https://support.apple.com/HT204423",
  "serverity": "\u4e2d",
  "submitTime": "2015-03-12",
  "title": "\u591a\u6b3eApple\u4ea7\u54c1Secure Transport\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

var-201503-0091

Vulnerability from variot

Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637. This case "FREAK" Vulnerability related to the problem. This vulnerability CVE-2015-0204 and CVE-2015-1637 Is a different vulnerability.Skillfully crafted by a third party TLS Through traffic EXPORT_RSA A cipher suite downgrade attack may be performed on the cipher. SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. Man-in-the-middle attacks against such software (man-in-the-middle attack) Is performed, the key used for encryption is decrypted, SSL/TLS The traffic content may be decrypted. this is" FREAK It is also called “attack”. Algorithm downgrade (CWE-757) CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') https://cwe.mitre.org/data/definitions/757.html Incorrect cipher strength (CWE-326) CWE-326: Inadequate Encryption Strength https://cwe.mitre.org/data/definitions/326.html SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. If a man-in-the-middle attack is performed on such software, it is guided to use a weak key in the negotiation at the start of communication, and as a result, encrypted information may be decrypted. The discoverer has released detailed information about this matter. FREAK: Factoring RSA Export Keys https://www.smacktls.com/#freakMan-in-the-middle attacks (man-in-the-middle attack) By SSL/TLS The contents of the communication may be decrypted. Apple iOS, Mac Os X, and TV are prone to a security-bypass vulnerability. Successfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. in the United States. A security vulnerability exists in the Secure Transport of several Apple products. The vulnerability is caused by the program not properly restricting the transition of TLS state. The following products and versions are affected: Apple iOS versions prior to 8.2, Apple OS X versions prior to 10.10.2, and Apple TV versions prior to 7.1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2015-05-19-1 Watch OS 1.0.1

Watch OS 1.0.1 is now available and addresses the following:

Certificate Trust Policy Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/kb/204873

FontParser Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1093 : Marc Schoenefeld

Foundation Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: An application using NSXMLParser may be misused to disclose information Description: An XML External Entity issue existed in NSXMLParser's handling of XML. This issue was addressed by not loading external entities across origins. CVE-ID CVE-2015-1092 : Ikuya Fukumoto

IOHIDFamily Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in IOHIDFamily that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1096 : Ilja van Sprundel of IOActive

IOAcceleratorFamily Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in IOAcceleratorFamily that led to the disclosure of kernel memory content. This issue was addressed by removing unneeded code. CVE-ID CVE-2015-1094 : Cererdlong of Alibaba Mobile Security Team

Kernel Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: A malicious application may be able to cause a system denial of service Description: A race condition existed in the kernel's setreuid system call. This issue was addressed through improved state management. CVE-ID CVE-2015-1099 : Mark Mentovai of Google Inc.

Kernel Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: An attacker with a privileged network position may be able to redirect user traffic to arbitrary hosts Description: ICMP redirects were enabled by default. This issue was addressed by disabling ICMP redirects. CVE-ID CVE-2015-1103 : Zimperium Mobile Security Labs

Kernel Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: A remote attacker may be able to cause a denial of service Description: A state inconsistency issue existed in the handling of TCP out of band data. This issue was addressed through improved state management. CVE-ID CVE-2015-1105 : Kenton Varda of Sandstorm.io

Kernel Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: A malicious application may escalate privileges using a compromised service intended to run with reduced privileges Description: setreuid and setregid system calls failed to drop privileges permanently. This issue was addressed by correctly dropping privileges. CVE-ID CVE-2015-1117 : Mark Mentovai of Google Inc.

Kernel Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: A remote attacker may be able to bypass network filters Description: The system would treat some IPv6 packets from remote network interfaces as local packets. The issue was addressed by rejecting these packets. CVE-ID CVE-2015-1104 : Stephen Roettger of the Google Security Team

Kernel Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: An attacker with a privileged network position may be able to cause a denial of service Description: A state inconsistency existed in the processing of TCP headers. This issue was addressed through improved state handling. CVE-ID CVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab

Kernel Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: A malicious application may be able to cause unexpected system termination or read kernel memory Description: An out of bounds memory access issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1100 : Maxime Villard of m00nbsd

Kernel Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative

Secure Transport Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: Secure Transport accepted short ephemeral RSA keys, usually used only in export-strength RSA cipher suites, on connections using full-strength RSA cipher suites. This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys. CVE-ID CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of Prosecco at Inria Paris

Installation note:

Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641

To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJVW38oAAoJEBcWfLTuOo7tXpIP/3v/tqCIVXg28xQpAK2vRVtw S3clbM17RBsJ1b239DmGUdRNNCVimQCHk1dQ4M3szrXx73VjWroh1hSq2+hObL65 FGa4jYbns7OGbTr9YZW/fScJ9mnAuG1nDHcNLL8W2DyFuxNEJsCB668QPdTTMOoO Xpx8jZUZyXIyX2V3Ch1qasXsSV0IwSA5GPg5IFFFuaNXGC62AXx49UmFTtjBCs4w bvTRPKKBowuP80zmIaxlWpGXhTIe8TwjCDGSejk5kdddcqjXe1yzA1UPM+uBTHZK 7xOX55CctqT2LkO4ND6EWaaPUozDJtEoUf+pFjnJmZxNd6BHPx86KbkUw3lcBXso xZplhgaFlaA4UTxMLFJONId0DYtyXH7CLOYW9BKjyzMMo0YZHdt/2CQ1HQKfzQ9m bT+MT/wdFcgCjr90GLG9OFLCwf5h8bAHRtpvhWrV78ek6V92GuwjZUA8x18avNQO 1th8l49j+JN+OcVv0bvmxVSQpFurTfVRAxZ9lTq4VDdqZanwbvP6INOB8wxhKNbK 8phc4Amh8TwFf2esdmMWawWWAqxXL1+2D+MWxR+C8Hm4CWyxYvKhvHacM20IDTfF 6exVyn4D9FhnT16ggkF6qH9vOOrQk3msHmxdC3fdE4dRhR8W7xRbuNEMXn3CyP6f ssKTqTcaARrUZzOjyx2Z =HMct -----END PGP SIGNATURE----- . CVE-ID CVE-2015-1063 : Roman Digerberg, Sweden

iCloud Keychain Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: Multiple buffer overflows existed in the handling of data during iCloud Keychain recovery. CVE-ID CVE-2015-1061 : Ian Beer of Google Project Zero

MobileStorageMounter Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to create folders in trusted locations in the file system Description: An issue existed in the developer disk mounting logic which resulted in invalid disk image folders not being deleted. CVE-ID CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of Prosecco at Inria Paris

Springboard Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to see the home screen of the device even if the device is not activated Description: An unexpected application termination during activation could have caused the device to show the home screen. CVE-ID CVE-2015-1064

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "8.2". CVE-ID CVE-2015-1061 : Ian Beer of Google Project Zero

Kernel Available for: OS X Yosemite v10.10.2 Impact: Maliciously crafted or compromised applications may be able to determine addresses in the kernel Description: The mach_port_kobject kernel interface leaked kernel addresses and heap permutation value, which may aid in bypassing address space layout randomization protection

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201503-0091",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "v4 to  v5.1"
      },
      {
        "model": "csview",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "/faq navigator"
      },
      {
        "model": "csview",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "/web questionnaire"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "ver6.0 to  ver8.0"
      },
      {
        "model": "enterpriseidentitymanager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "/sg series  intersecvm/sg v1.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "v3.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "v3.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "v4.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "/sg series  sg3600lm/lg/lj v6.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "v6.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "v7.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "v7.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "v8.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "/sg series  univerge sg3000lg/lj"
      },
      {
        "model": "infocage",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "security risk management  v1.0.2 to  v2.1.4"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "a series"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "d series"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "e series"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "hs series"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "m series  (nas including options )"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "s series"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "ver3.0"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "ver3.01"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "ver3.02"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "ver3.1"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "enterprise edition v4.2 to  v6.5"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "standard edition v4.2 to  v6.5"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "standard-j edition v4.1 to  v6.5"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "uddi registry v1.1 to  v7.1"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "web edition v4.1 to  v6.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "enterprise edition v7.1"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "express v8.2 to  v9.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "standard edition v7.1"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "standard v8.2 to  v9.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "standard-j edition v7.1 to  v8.1"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "web edition v7.1 to  v8.1"
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "v6.4 to  v9.2"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "v8.2 to  v9.1"
      },
      {
        "model": "webotx sip application server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "standard edition v7.1 to  v8.1"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "application navigator v3.1.0.x to  v4.1.0.x"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "jobcenter cl/web r13.1"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "nec",
        "version": "jobcenter cl/web r13.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "apple",
        "version": "10.10.2"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.2"
      },
      {
        "model": "tvos",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "iphone os",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.1.3"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "google",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "research in motion rim",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "tv",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.1   (apple tv first  3 after generation )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.2   (ipad 2 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.2   (iphone 4s or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.2   (ipod touch first  5 after generation )"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "1.0.1   (apple watch edition)"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "1.0.1   (apple watch sport)"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "1.0.1   (apple watch)"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "8.1.3"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "model": "ios beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.4"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#243585"
      },
      {
        "db": "BID",
        "id": "73009"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001770"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001672"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-235"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1067"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:apple_tv",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:watchos",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:capssuite",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:csview",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:enterprise_directoryserver",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:enterpriseidentitymanager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:nec:express5800",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:infocage",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:nec:ip38x_sr100",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:nec:istorage",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:secureware_pki_application_development_kit",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:webotx",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:webotx_application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:webotx_enterprise_service_bus",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:webotx_portal",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:webotx_sip_application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:websam",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001770"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "130742"
      },
      {
        "db": "PACKETSTORM",
        "id": "131932"
      },
      {
        "db": "PACKETSTORM",
        "id": "130741"
      },
      {
        "db": "PACKETSTORM",
        "id": "130743"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2015-1067",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2015-1067",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-1067",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 7.8,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2015-001672",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-79027",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-1067",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-1067",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2015-001672",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201503-235",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-79027",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79027"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001770"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001672"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-235"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1067"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637. This case \"FREAK\" Vulnerability related to the problem. This vulnerability CVE-2015-0204 and CVE-2015-1637 Is a different vulnerability.Skillfully crafted by a third party TLS Through traffic EXPORT_RSA A cipher suite downgrade attack may be performed on the cipher. SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. Man-in-the-middle attacks against such software (man-in-the-middle attack) Is performed, the key used for encryption is decrypted, SSL/TLS The traffic content may be decrypted. this is\" FREAK It is also called \u201cattack\u201d. Algorithm downgrade (CWE-757) CWE-757: Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027) https://cwe.mitre.org/data/definitions/757.html Incorrect cipher strength (CWE-326) CWE-326: Inadequate Encryption Strength https://cwe.mitre.org/data/definitions/326.html SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. If a man-in-the-middle attack is performed on such software, it is guided to use a weak key in the negotiation at the start of communication, and as a result, encrypted information may be decrypted. The discoverer has released detailed information about this matter. FREAK: Factoring RSA Export Keys https://www.smacktls.com/#freakMan-in-the-middle attacks (man-in-the-middle attack) By SSL/TLS The contents of the communication may be decrypted. Apple iOS, Mac Os X, and TV are prone to a security-bypass vulnerability. \nSuccessfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a  man-in-the-middle attack. This may lead to other attacks. in the United States. A security vulnerability exists in the Secure Transport of several Apple products. The vulnerability is caused by the program not properly restricting the transition of TLS state. The following products and versions are affected: Apple iOS versions prior to 8.2, Apple OS X versions prior to 10.10.2, and Apple TV versions prior to 7.1. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2015-05-19-1 Watch OS 1.0.1\n\nWatch OS 1.0.1 is now available and addresses the following:\n\nCertificate Trust Policy\nAvailable for:  Apple Watch Sport, Apple Watch,\nand Apple Watch Edition\nImpact:  Update to the certificate trust policy\nDescription:  The certificate trust policy was updated. The complete\nlist of certificates may be viewed at\nhttps://support.apple.com/kb/204873\n\nFontParser\nAvailable for:  Apple Watch Sport, Apple Watch,\nand Apple Watch Edition\nImpact:  Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-1093 : Marc Schoenefeld\n\nFoundation\nAvailable for:  Apple Watch Sport, Apple Watch,\nand Apple Watch Edition\nImpact:  An application using NSXMLParser may be misused to disclose\ninformation\nDescription:  An XML External Entity issue existed in NSXMLParser\u0027s\nhandling of XML. This issue was addressed by not loading external\nentities across origins. \nCVE-ID\nCVE-2015-1092 : Ikuya Fukumoto\n\nIOHIDFamily\nAvailable for:  Apple Watch Sport, Apple Watch,\nand Apple Watch Edition\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An issue existed in IOHIDFamily that led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1096 : Ilja van Sprundel of IOActive\n\nIOAcceleratorFamily\nAvailable for:  Apple Watch Sport, Apple Watch,\nand Apple Watch Edition\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An issue existed in IOAcceleratorFamily that led to the\ndisclosure of kernel memory content. This issue was addressed by\nremoving unneeded code. \nCVE-ID\nCVE-2015-1094 : Cererdlong of Alibaba Mobile Security Team\n\nKernel\nAvailable for:  Apple Watch Sport, Apple Watch,\nand Apple Watch Edition\nImpact:  A malicious application may be able to cause a system denial\nof service\nDescription:  A race condition existed in the kernel\u0027s setreuid\nsystem call. This issue was addressed through improved state\nmanagement. \nCVE-ID\nCVE-2015-1099 : Mark Mentovai of Google Inc. \n\nKernel\nAvailable for:  Apple Watch Sport, Apple Watch,\nand Apple Watch Edition\nImpact:  An attacker with a privileged network position may be able\nto redirect user traffic to arbitrary hosts\nDescription:  ICMP redirects were enabled by default. This issue was\naddressed by disabling ICMP redirects. \nCVE-ID\nCVE-2015-1103 : Zimperium Mobile Security Labs\n\nKernel\nAvailable for:  Apple Watch Sport, Apple Watch,\nand Apple Watch Edition\nImpact:  A remote attacker may be able to cause a denial of service\nDescription:  A state inconsistency issue existed in the handling of\nTCP out of band data. This issue was addressed through improved state\nmanagement. \nCVE-ID\nCVE-2015-1105 : Kenton Varda of Sandstorm.io\n\nKernel\nAvailable for:  Apple Watch Sport, Apple Watch,\nand Apple Watch Edition\nImpact:  A malicious application may escalate privileges using a\ncompromised service intended to run with reduced privileges\nDescription:  setreuid and setregid system calls failed to drop\nprivileges permanently. This issue was addressed by correctly\ndropping privileges. \nCVE-ID\nCVE-2015-1117 : Mark Mentovai of Google Inc. \n\nKernel\nAvailable for:  Apple Watch Sport, Apple Watch,\nand Apple Watch Edition\nImpact:  A remote attacker may be able to bypass network filters\nDescription:  The system would treat some IPv6 packets from remote\nnetwork interfaces as local packets. The issue was addressed by\nrejecting these packets. \nCVE-ID\nCVE-2015-1104 : Stephen Roettger of the Google Security Team\n\nKernel\nAvailable for:  Apple Watch Sport, Apple Watch,\nand Apple Watch Edition\nImpact:  An attacker with a privileged network position may be able\nto cause a denial of service\nDescription:  A state inconsistency existed in the processing of TCP\nheaders. This issue was addressed through improved state handling. \nCVE-ID\nCVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab\n\nKernel\nAvailable for:  Apple Watch Sport, Apple Watch,\nand Apple Watch Edition\nImpact:  A malicious application may be able to cause unexpected\nsystem termination or read kernel memory\nDescription:  An out of bounds memory access issue existed in the\nkernel. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1100 : Maxime Villard of m00nbsd\n\nKernel\nAvailable for:  Apple Watch Sport, Apple Watch,\nand Apple Watch Edition\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1101 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative\n\nSecure Transport\nAvailable for:  Apple Watch Sport, Apple Watch,\nand Apple Watch Edition\nImpact:  An attacker with a privileged network position may intercept\nSSL/TLS connections\nDescription:  Secure Transport accepted short ephemeral RSA keys,\nusually used only in export-strength RSA cipher suites, on\nconnections using full-strength RSA cipher suites. This issue, also\nknown as FREAK, only affected connections to servers which support\nexport-strength RSA cipher suites, and was addressed by removing\nsupport for ephemeral RSA keys. \nCVE-ID\nCVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine\nDelignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of\nProsecco at Inria Paris\n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/en-us/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJVW38oAAoJEBcWfLTuOo7tXpIP/3v/tqCIVXg28xQpAK2vRVtw\nS3clbM17RBsJ1b239DmGUdRNNCVimQCHk1dQ4M3szrXx73VjWroh1hSq2+hObL65\nFGa4jYbns7OGbTr9YZW/fScJ9mnAuG1nDHcNLL8W2DyFuxNEJsCB668QPdTTMOoO\nXpx8jZUZyXIyX2V3Ch1qasXsSV0IwSA5GPg5IFFFuaNXGC62AXx49UmFTtjBCs4w\nbvTRPKKBowuP80zmIaxlWpGXhTIe8TwjCDGSejk5kdddcqjXe1yzA1UPM+uBTHZK\n7xOX55CctqT2LkO4ND6EWaaPUozDJtEoUf+pFjnJmZxNd6BHPx86KbkUw3lcBXso\nxZplhgaFlaA4UTxMLFJONId0DYtyXH7CLOYW9BKjyzMMo0YZHdt/2CQ1HQKfzQ9m\nbT+MT/wdFcgCjr90GLG9OFLCwf5h8bAHRtpvhWrV78ek6V92GuwjZUA8x18avNQO\n1th8l49j+JN+OcVv0bvmxVSQpFurTfVRAxZ9lTq4VDdqZanwbvP6INOB8wxhKNbK\n8phc4Amh8TwFf2esdmMWawWWAqxXL1+2D+MWxR+C8Hm4CWyxYvKhvHacM20IDTfF\n6exVyn4D9FhnT16ggkF6qH9vOOrQk3msHmxdC3fdE4dRhR8W7xRbuNEMXn3CyP6f\nssKTqTcaARrUZzOjyx2Z\n=HMct\n-----END PGP SIGNATURE-----\n. \nCVE-ID\nCVE-2015-1063 : Roman Digerberg, Sweden\n\niCloud Keychain\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  An attacker with a privileged network position may be able\nto execute arbitrary code\nDescription:  Multiple buffer overflows existed in the handling of\ndata during iCloud Keychain recovery. \nCVE-ID\nCVE-2015-1061 : Ian Beer of Google Project Zero\n\nMobileStorageMounter\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious application may be able to create folders in\ntrusted locations in the file system\nDescription:  An issue existed in the developer disk mounting logic\nwhich resulted in invalid disk image folders not being deleted. \nCVE-ID\nCVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine\nDelignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of\nProsecco at Inria Paris\n\nSpringboard\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A person with physical access to the device may be able to\nsee the home screen of the device even if the device is not activated\nDescription:  An unexpected application termination during activation\ncould have caused the device to show the home screen. \nCVE-ID\nCVE-2015-1064\n\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"8.2\". \nCVE-ID\nCVE-2015-1061 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for:  OS X Yosemite v10.10.2\nImpact:  Maliciously crafted or compromised applications may be able\nto determine addresses in the kernel\nDescription:  The mach_port_kobject kernel interface leaked kernel\naddresses and heap permutation value, which may aid in bypassing\naddress space layout randomization protection",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1067"
      },
      {
        "db": "CERT/CC",
        "id": "VU#243585"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001770"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001672"
      },
      {
        "db": "BID",
        "id": "73009"
      },
      {
        "db": "VULHUB",
        "id": "VHN-79027"
      },
      {
        "db": "PACKETSTORM",
        "id": "130742"
      },
      {
        "db": "PACKETSTORM",
        "id": "131932"
      },
      {
        "db": "PACKETSTORM",
        "id": "130741"
      },
      {
        "db": "PACKETSTORM",
        "id": "130743"
      }
    ],
    "trust": 3.78
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-1067",
        "trust": 3.2
      },
      {
        "db": "CERT/CC",
        "id": "VU#243585",
        "trust": 2.4
      },
      {
        "db": "BID",
        "id": "73009",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1031830",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1031829",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU99125992",
        "trust": 1.6
      },
      {
        "db": "JVN",
        "id": "JVNVU93832567",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU90171154",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001770",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001672",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-235",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "131932",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-79027",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130742",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130741",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "130743",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#243585"
      },
      {
        "db": "VULHUB",
        "id": "VHN-79027"
      },
      {
        "db": "BID",
        "id": "73009"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001770"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001672"
      },
      {
        "db": "PACKETSTORM",
        "id": "130742"
      },
      {
        "db": "PACKETSTORM",
        "id": "131932"
      },
      {
        "db": "PACKETSTORM",
        "id": "130741"
      },
      {
        "db": "PACKETSTORM",
        "id": "130743"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-235"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1067"
      }
    ]
  },
  "id": "VAR-201503-0091",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79027"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:39:18.903000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
        "trust": 1.6,
        "url": "http://jvn.jp/vu/JVNVU99125992/522154/index.html"
      },
      {
        "title": "NV15-016",
        "trust": 1.6,
        "url": "http://jpn.nec.com/security-info/secinfo/nv15-016.html"
      },
      {
        "title": "APPLE-SA-2015-03-09-1 iOS 8.2",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
      },
      {
        "title": "APPLE-SA-2015-03-09-2 AppleTV 7.1",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
      },
      {
        "title": "APPLE-SA-2015-03-09-3 Security Update 2015-002",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
      },
      {
        "title": "APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
      },
      {
        "title": "APPLE-SA-2015-05-19-1 Watch OS 1.0.1",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/May/msg00001.html"
      },
      {
        "title": "HT204423",
        "trust": 0.8,
        "url": "http://support.apple.com/en-us/HT204423"
      },
      {
        "title": "HT204413",
        "trust": 0.8,
        "url": "http://support.apple.com/en-us/HT204413"
      },
      {
        "title": "HT204659",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT204659"
      },
      {
        "title": "HT204426",
        "trust": 0.8,
        "url": "http://support.apple.com/en-us/HT204426"
      },
      {
        "title": "HT204870",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT204870"
      },
      {
        "title": "HT204870",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT204870"
      },
      {
        "title": "HT204659",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT204659"
      },
      {
        "title": "HT204423",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/HT204423"
      },
      {
        "title": "HT204413",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/HT204413"
      },
      {
        "title": "HT204426",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/HT204426"
      },
      {
        "title": "[08 Jan 2015]",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv_20150108.txt"
      },
      {
        "title": "3046015",
        "trust": 0.8,
        "url": "https://technet.microsoft.com/ja-jp/library/security/3046015"
      },
      {
        "title": "iPhone7,1_8.2_12D508_Restore",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54079"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001770"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001672"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-235"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-79027"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001770"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001672"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1067"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://freakattack.com/"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/mar/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/mar/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/mar/msg00002.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/73009"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht204413"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht204423"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht204426"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht204659"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht204870"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1031829"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1031830"
      },
      {
        "trust": 1.6,
        "url": "https://www.smacktls.com/#freak"
      },
      {
        "trust": 1.6,
        "url": "http://jvn.jp/vu/jvnvu99125992/index.html"
      },
      {
        "trust": 1.6,
        "url": "https://www.kb.cert.org/vuls/id/243585"
      },
      {
        "trust": 0.8,
        "url": "http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html"
      },
      {
        "trust": 0.8,
        "url": "http://cwe.mitre.org/data/definitions/757.html"
      },
      {
        "trust": 0.8,
        "url": "http://cwe.mitre.org/data/definitions/326.html"
      },
      {
        "trust": 0.8,
        "url": "https://tools.ietf.org/html/rfc4346#appendix-f.1.1.2"
      },
      {
        "trust": 0.8,
        "url": "https://technet.microsoft.com/library/security/3046015.aspx"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1067"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu90171154/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu93832567/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1067"
      },
      {
        "trust": 0.4,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1067"
      },
      {
        "trust": 0.4,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ios/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/appletv/features.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ipad/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/iphone/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ipodtouch/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1061"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1062"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1065"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1104"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1093"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1099"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1101"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1096"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/204873"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1102"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1105"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1103"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1092"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1100"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-us/ht204641"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1117"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1094"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1064"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1063"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1066"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4496"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#243585"
      },
      {
        "db": "VULHUB",
        "id": "VHN-79027"
      },
      {
        "db": "BID",
        "id": "73009"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001770"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001672"
      },
      {
        "db": "PACKETSTORM",
        "id": "130742"
      },
      {
        "db": "PACKETSTORM",
        "id": "131932"
      },
      {
        "db": "PACKETSTORM",
        "id": "130741"
      },
      {
        "db": "PACKETSTORM",
        "id": "130743"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-235"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1067"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#243585"
      },
      {
        "db": "VULHUB",
        "id": "VHN-79027"
      },
      {
        "db": "BID",
        "id": "73009"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001770"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001672"
      },
      {
        "db": "PACKETSTORM",
        "id": "130742"
      },
      {
        "db": "PACKETSTORM",
        "id": "131932"
      },
      {
        "db": "PACKETSTORM",
        "id": "130741"
      },
      {
        "db": "PACKETSTORM",
        "id": "130743"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-235"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1067"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-03-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#243585"
      },
      {
        "date": "2015-03-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-79027"
      },
      {
        "date": "2015-03-09T00:00:00",
        "db": "BID",
        "id": "73009"
      },
      {
        "date": "2015-03-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001770"
      },
      {
        "date": "2015-03-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001672"
      },
      {
        "date": "2015-03-10T16:17:57",
        "db": "PACKETSTORM",
        "id": "130742"
      },
      {
        "date": "2015-05-20T22:44:42",
        "db": "PACKETSTORM",
        "id": "131932"
      },
      {
        "date": "2015-03-10T16:14:34",
        "db": "PACKETSTORM",
        "id": "130741"
      },
      {
        "date": "2015-03-10T16:20:32",
        "db": "PACKETSTORM",
        "id": "130743"
      },
      {
        "date": "2015-03-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201503-235"
      },
      {
        "date": "2015-03-11T01:59:00.063000",
        "db": "NVD",
        "id": "CVE-2015-1067"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-10-27T00:00:00",
        "db": "CERT/CC",
        "id": "VU#243585"
      },
      {
        "date": "2019-03-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-79027"
      },
      {
        "date": "2015-07-15T00:04:00",
        "db": "BID",
        "id": "73009"
      },
      {
        "date": "2017-03-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001770"
      },
      {
        "date": "2017-03-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001672"
      },
      {
        "date": "2019-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201503-235"
      },
      {
        "date": "2024-11-21T02:24:35.490000",
        "db": "NVD",
        "id": "CVE-2015-1067"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-235"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SSL/TLS implementations accept export-grade RSA keys (FREAK attack)",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#243585"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-235"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2015-1067 (GCVE-0-2015-1067)

Vulnerability from cvelistv5

CERTFR-2015-AVI-092

Vulnerability from certfr_avis

Solution

ghsa-2cqr-v8j2-59fq

Vulnerability from github

gsd-2015-1067

Vulnerability from gsd

fkie_cve-2015-1067

Vulnerability from fkie_nvd

cnvd-2015-01647

Vulnerability from cnvd

var-201503-0091

Vulnerability from variot

Tags

Sightings

Nomenclature