cvelistv5 - cve-2015-3660

CVE-2015-3660 (GCVE-0-2015-3660)

Vulnerability from cvelistv5

Published

2015-07-03 01:00

Modified

2024-08-06 05:47

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

gsd-2015-3660

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2015-3660

Aliases

CVE-2015-3660

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-3660",
    "description": "Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content.",
    "id": "GSD-2015-3660",
    "references": [
      "https://www.suse.com/security/cve/CVE-2015-3660.html",
      "https://advisories.mageia.org/CVE-2015-3660.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-3660"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content.",
      "id": "GSD-2015-3660",
      "modified": "2023-12-13T01:20:07.680246Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2015-3660",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://support.apple.com/kb/HT204950",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT204950"
          },
          {
            "name": "75494",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/75494"
          },
          {
            "name": "openSUSE-SU-2016:0761",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html"
          },
          {
            "name": "APPLE-SA-2015-06-30-4",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html"
          },
          {
            "name": "1032754",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032754"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:8.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:8.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:8.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:8.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:7.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:8.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:8.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2015-3660"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.apple.com/kb/HT204950",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT204950"
            },
            {
              "name": "APPLE-SA-2015-06-30-4",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html"
            },
            {
              "name": "75494",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/75494"
            },
            {
              "name": "openSUSE-SU-2016:0761",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html"
            },
            {
              "name": "1032754",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1032754"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2016-12-28T02:59Z",
      "publishedDate": "2015-07-03T01:59Z"
    }
  }
}

ghsa-3874-c4vv-qxvf

Vulnerability from github

Published

2022-05-17 03:14

Modified

2022-05-17 03:14

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-3660"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-07-03T01:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content.",
  "id": "GHSA-3874-c4vv-qxvf",
  "modified": "2022-05-17T03:14:28Z",
  "published": "2022-05-17T03:14:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3660"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT204950"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/75494"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032754"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

De multiples vulnérabilités ont été corrigées dans Apple Safari. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection de requêtes illégitimes par rebond (CSRF).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	Safari	Safari versions antérieures à Safari 6.2.7
Apple	Safari	Safari versions antérieures à Safari 7.1.7
Apple	Safari	Safari versions antérieures à Safari 8.0.7

References

Title

Publication Time

var-201507-0424

Vulnerability from variot

Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content. Apple Safari Used in etc. Successful exploits may allow the attacker to gain access to sensitive information. Information obtained may lead to further attacks. Apple Safari is a web browser of Apple (Apple), the default browser included with Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. The following versions are affected: Apple Safari prior to 6.2.7, 7.x prior to 7.1.7, and 8.x prior to 8.0.7. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7

Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 are now available and address the following:

WebKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.3 Impact: A maliciously crafted website can access the WebSQL databases of other websites Description: An issue existed in the authorization checks for renaming WebSQL tables. This could have allowed a maliciously crafted website to access databases belonging to other websites. The issue was addressed with improved authorization checks. CVE-ID CVE-2015-3727 : Peter Rutenbar working with HP's Zero Day Initiative

WebKit Page Loading Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.3 Impact: Visiting a maliciously crafted website may lead to account account takeover Description: An issue existed where Safari would preserve the Origin request header for cross-origin redirects, allowing malicious websites to circumvent CSRF protections. This issue was addressed through improved handling of redirects. CVE-ID CVE-2015-3658 : Brad Hill of Facebook

WebKit PDF Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.3 Impact: Clicking a maliciously crafted link in a PDF embedded in a webpage may lead to cookie theft or user information leakage Description: An issue existed with PDF-embedded links which could execute JavaScript in a hosting webpage's context. This issue was addressed by restricting the support for JavaScript links. CVE-ID CVE-2015-3660 : Apple

WebKit Storage Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.3 Impact: Visiting a maliciously crafted webpage may lead to an unexpected application termination or arbitrary code execution Description: An insufficient comparison issue existed in SQLite authorizer which allowed invocation of arbitrary SQL functions. This issue was addressed with improved authorization checks. CVE-ID CVE-2015-3659 : Peter Rutenbar working with HP's Zero Day Initiative

Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2 Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVke9DAAoJEBcWfLTuOo7tE7oP/0PWt+3zpRGevnWaTR1cdCSR ixlIqZ+OrwfGluIpnQIrMx8Lw2F954/Afcv68QW5pDwU02UYIiHXFiryFG2YYu6k +n1mnqY/5n3uo3+V18Tfi7q8WFoEfi607PbXUt/Q3FCu+NuQBl3nrVWo53f+a44v Pb08QVMyj+g0KWNoMudA7T/G9yXsnZFm6rBKkl1D+2Cwyx/DB2i4guHleJNawM/m 8vCgIc4FReFOz03EqW3Vzqp3qWd4AovRLX8iG+62mUU8AgAVVurJdhxPNjqzmoAi Zg1MDM2un4Op6QvLpJzG9zwW5/s+H8GVLPIYnK+uASu5UR0EU3yqb0UOCHbyG6iI DFaRDyHXaNBWglFxRdl/Lvbz/ZQyAdc3MJMaHOSHchvu7CX3x2szTKkPr1nd/7bS RB5JWTBKjz9G0zOp4d44u49oW4/43yV/kcjs7isBKyzPpO67dzukMDjjeKlkYAVE gOoYtQMcorh2PrMEAW7MN2jB9R0f7gEOr2txRLgy0NakI/W+WVK8wysbDNvsjEE4 9UynLpQHqmlEL68ZyXGPrbn7Q4dO3qdL3fYsCp/57o7wDkIfASBehTet4Va3yobr ZikiQkMU9QnYYWiN0whHzgtq+ONFg8B3hroD9XgfpG8kldjXyI6cOj6QY9e276m4 U31+XzCwLCTXylgolNOw =9Wfv -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201507-0424",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "8.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.1.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "8.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.1.6"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.1.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "8.0.6"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "8.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.1.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "8.0.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.1.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0.6"
      },
      {
        "model": "safari",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.2.6"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.0"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "6.2.7   (os x mavericks v10.9.5)"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "6.2.7   (os x mountain lion v10.8.5)"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "6.2.7   (os x yosemite v10.10.3)"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.1.7   (os x mavericks v10.9.5)"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.1.7   (os x mountain lion v10.8.5)"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.1.7   (os x yosemite v10.10.3)"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.0.7   (os x mavericks v10.9.5)"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.0.7   (os x mountain lion v10.8.5)"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "8.0.7   (os x yosemite v10.10.3)"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003392"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-022"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3660"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:apple:safari",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003392"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "BID",
        "id": "75494"
      },
      {
        "db": "PACKETSTORM",
        "id": "132520"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2015-3660",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2015-3660",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-81621",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-3660",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-3660",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201507-022",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-81621",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-3660",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81621"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3660"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003392"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-022"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3660"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content. Apple Safari Used in etc. \nSuccessful exploits may allow the attacker to gain access to sensitive information.  Information obtained may lead to further attacks. Apple Safari is a web browser of Apple (Apple), the default browser included with Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. The following versions are affected: Apple Safari prior to 6.2.7, 7.x prior to 7.1.7, and 8.x prior to 8.0.7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7\n\nSafari 8.0.7, Safari 7.1.7, and Safari 6.2.7 are now available and\naddress the following:\n\nWebKit\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nand OS X Yosemite v10.10.3\nImpact:  A maliciously crafted website can access the WebSQL\ndatabases of other websites\nDescription:  An issue existed in the authorization checks for\nrenaming WebSQL tables. This could have allowed a maliciously crafted\nwebsite to access databases belonging to other websites. The issue\nwas addressed with improved authorization checks. \nCVE-ID\nCVE-2015-3727 : Peter Rutenbar working with HP\u0027s Zero Day Initiative\n\nWebKit Page Loading\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nand OS X Yosemite v10.10.3\nImpact:  Visiting a maliciously crafted website may lead to account\naccount takeover\nDescription:  An issue existed where Safari would preserve the Origin\nrequest header for cross-origin redirects, allowing malicious\nwebsites to circumvent CSRF protections. This issue was addressed\nthrough improved handling of redirects. \nCVE-ID\nCVE-2015-3658 : Brad Hill of Facebook\n\nWebKit PDF\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nand OS X Yosemite v10.10.3\nImpact:  Clicking a maliciously crafted link in a PDF embedded in a\nwebpage may lead to cookie theft or user information leakage\nDescription:  An issue existed with PDF-embedded links which could\nexecute JavaScript in a hosting webpage\u0027s context. This issue was\naddressed by restricting the support for JavaScript links. \nCVE-ID\nCVE-2015-3660 : Apple\n\nWebKit Storage\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nand OS X Yosemite v10.10.3\nImpact:  Visiting a maliciously crafted webpage may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  An insufficient comparison issue existed in SQLite\nauthorizer which allowed invocation of arbitrary SQL functions. This\nissue was addressed with improved authorization checks. \nCVE-ID\nCVE-2015-3659 : Peter Rutenbar working with HP\u0027s Zero Day Initiative\n\n\nSafari 8.0.7, Safari 7.1.7, and Safari 6.2.7 may be obtained from\nthe Mac App Store. \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJVke9DAAoJEBcWfLTuOo7tE7oP/0PWt+3zpRGevnWaTR1cdCSR\nixlIqZ+OrwfGluIpnQIrMx8Lw2F954/Afcv68QW5pDwU02UYIiHXFiryFG2YYu6k\n+n1mnqY/5n3uo3+V18Tfi7q8WFoEfi607PbXUt/Q3FCu+NuQBl3nrVWo53f+a44v\nPb08QVMyj+g0KWNoMudA7T/G9yXsnZFm6rBKkl1D+2Cwyx/DB2i4guHleJNawM/m\n8vCgIc4FReFOz03EqW3Vzqp3qWd4AovRLX8iG+62mUU8AgAVVurJdhxPNjqzmoAi\nZg1MDM2un4Op6QvLpJzG9zwW5/s+H8GVLPIYnK+uASu5UR0EU3yqb0UOCHbyG6iI\nDFaRDyHXaNBWglFxRdl/Lvbz/ZQyAdc3MJMaHOSHchvu7CX3x2szTKkPr1nd/7bS\nRB5JWTBKjz9G0zOp4d44u49oW4/43yV/kcjs7isBKyzPpO67dzukMDjjeKlkYAVE\ngOoYtQMcorh2PrMEAW7MN2jB9R0f7gEOr2txRLgy0NakI/W+WVK8wysbDNvsjEE4\n9UynLpQHqmlEL68ZyXGPrbn7Q4dO3qdL3fYsCp/57o7wDkIfASBehTet4Va3yobr\nZikiQkMU9QnYYWiN0whHzgtq+ONFg8B3hroD9XgfpG8kldjXyI6cOj6QY9e276m4\nU31+XzCwLCTXylgolNOw\n=9Wfv\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3660"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003392"
      },
      {
        "db": "BID",
        "id": "75494"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81621"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3660"
      },
      {
        "db": "PACKETSTORM",
        "id": "132520"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3660",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "75494",
        "trust": 1.5
      },
      {
        "db": "SECTRACK",
        "id": "1032754",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003392",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-022",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-81621",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3660",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132520",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81621"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3660"
      },
      {
        "db": "BID",
        "id": "75494"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003392"
      },
      {
        "db": "PACKETSTORM",
        "id": "132520"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-022"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3660"
      }
    ]
  },
  "id": "VAR-201507-0424",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81621"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:31:31.211000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html"
      },
      {
        "title": "HT204950",
        "trust": 0.8,
        "url": "http://support.apple.com/en-us/HT204950"
      },
      {
        "title": "HT204950",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/HT204950"
      },
      {
        "title": "quicktime7.7.7_installer",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56517"
      },
      {
        "title": "osxupd10.10.4",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56516"
      },
      {
        "title": "iPhone7,1_8.4_12H143_Restore",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56515"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/0xCyberY/CVE-T4PDF "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3660"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003392"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-022"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81621"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003392"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3660"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00004.html"
      },
      {
        "trust": 1.8,
        "url": "http://support.apple.com/kb/ht204950"
      },
      {
        "trust": 1.3,
        "url": "http://www.securityfocus.com/bid/75494"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1032754"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3660"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3660"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/safari/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/79.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39580"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3660"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3727"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3658"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3659"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81621"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3660"
      },
      {
        "db": "BID",
        "id": "75494"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003392"
      },
      {
        "db": "PACKETSTORM",
        "id": "132520"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-022"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3660"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-81621"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3660"
      },
      {
        "db": "BID",
        "id": "75494"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003392"
      },
      {
        "db": "PACKETSTORM",
        "id": "132520"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-022"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3660"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-07-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81621"
      },
      {
        "date": "2015-07-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3660"
      },
      {
        "date": "2015-06-30T00:00:00",
        "db": "BID",
        "id": "75494"
      },
      {
        "date": "2015-07-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003392"
      },
      {
        "date": "2015-07-01T05:38:21",
        "db": "PACKETSTORM",
        "id": "132520"
      },
      {
        "date": "2015-07-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-022"
      },
      {
        "date": "2015-07-03T01:59:19.510000",
        "db": "NVD",
        "id": "CVE-2015-3660"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81621"
      },
      {
        "date": "2016-12-28T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3660"
      },
      {
        "date": "2016-02-02T20:04:00",
        "db": "BID",
        "id": "75494"
      },
      {
        "date": "2015-07-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003392"
      },
      {
        "date": "2015-07-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-022"
      },
      {
        "date": "2024-11-21T02:29:35.493000",
        "db": "NVD",
        "id": "CVE-2015-3660"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-022"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Safari Used in etc.  WebKit of  PDF Cross-site scripting vulnerability in functionality",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003392"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-022"
      }
    ],
    "trust": 0.6
  }
}

cnvd-2015-04232

Vulnerability from cnvd

Title

Apple Safari PDF任意脚本执行漏洞

Description

Apple Safari是一款流行的WEB浏览器。 Apple Safari存在安全漏洞，允许攻击者构建恶意包含嵌入PDF页面的URI，诱使用户访问，可以目标用户上下文执行任意脚本代码。

Severity

高

Patch Name

Apple Safari PDF任意脚本执行漏洞的补丁

Patch Description

Apple Safari是一款流行的WEB浏览器。Apple Safari存在安全漏洞，允许攻击者构建恶意包含嵌入PDF页面的URI，诱使用户访问，可以目标用户上下文执行任意脚本代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： https://support.apple.com/kb/HT204950

Reference

https://support.apple.com/kb/HT204950

Impacted products

Name
['Apple Safari <6.2.7', 'Apple Safari 7.x(<7.1.7)', 'Apple Safari 8.x(<8.0.7)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-3660"
    }
  },
  "description": "Apple Safari\u662f\u4e00\u6b3e\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\u3002\r\n\r\nApple Safari\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u6784\u5efa\u6076\u610f\u5305\u542b\u5d4c\u5165PDF\u9875\u9762\u7684URI\uff0c\u8bf1\u4f7f\u7528\u6237\u8bbf\u95ee\uff0c\u53ef\u4ee5\u76ee\u6807\u7528\u6237\u4e0a\u4e0b\u6587\u6267\u884c\u4efb\u610f\u811a\u672c\u4ee3\u7801\u3002",
  "discovererName": "Apple",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://support.apple.com/kb/HT204950",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-04232",
  "openTime": "2015-07-06",
  "patchDescription": "Apple Safari\u662f\u4e00\u6b3e\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\u3002Apple Safari\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u6784\u5efa\u6076\u610f\u5305\u542b\u5d4c\u5165PDF\u9875\u9762\u7684URI\uff0c\u8bf1\u4f7f\u7528\u6237\u8bbf\u95ee\uff0c\u53ef\u4ee5\u76ee\u6807\u7528\u6237\u4e0a\u4e0b\u6587\u6267\u884c\u4efb\u610f\u811a\u672c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple Safari PDF\u4efb\u610f\u811a\u672c\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple Safari \u003c6.2.7",
      "Apple Safari 7.x(\u003c7.1.7)",
      "Apple Safari 8.x(\u003c8.0.7)"
    ]
  },
  "referenceLink": "https://support.apple.com/kb/HT204950",
  "serverity": "\u9ad8",
  "submitTime": "2015-07-02",
  "title": "Apple Safari PDF\u4efb\u610f\u811a\u672c\u6267\u884c\u6f0f\u6d1e"
}

fkie_cve-2015-3660

Vulnerability from fkie_nvd

Published

2015-07-03 01:59

Modified

2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html	Vendor Advisory
product-security@apple.com	http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html
product-security@apple.com	http://support.apple.com/kb/HT204950	Vendor Advisory
product-security@apple.com	http://www.securityfocus.com/bid/75494
product-security@apple.com	http://www.securitytracker.com/id/1032754
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT204950	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/75494
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032754

Impacted products

Vendor	Product	Version
apple	safari	*
apple	safari	7.0
apple	safari	7.0.1
apple	safari	7.0.2
apple	safari	7.0.3
apple	safari	7.0.4
apple	safari	7.0.5
apple	safari	7.0.6
apple	safari	7.1.0
apple	safari	7.1.1
apple	safari	7.1.2
apple	safari	7.1.3
apple	safari	7.1.4
apple	safari	7.1.5
apple	safari	7.1.6
apple	safari	8.0
apple	safari	8.0.1
apple	safari	8.0.2
apple	safari	8.0.3
apple	safari	8.0.4
apple	safari	8.0.5
apple	safari	8.0.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3CBE396-522D-42D2-90D8-EC816E582642",
              "versionEndIncluding": "6.2.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D46FE5-10D2-44A0-ACAE-CEED8BD0C30C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "391B4255-4434-4EB3-929B-3E593D9CD249",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "40B87D10-55B3-42E7-8FF6-93EDF003337D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D4EBCD8-9DD5-468E-8B5B-49E38FEBCEC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B8C7AEC-F54A-4843-A0EA-C7DD847BEF5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "49457917-495E-4D17-A0AB-D2A163D4721D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CCADCE6-92F3-4A30-AA29-4E3394C1A3CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E74D3F4B-111E-4F51-ACB4-6725C4BF8DB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "223B13DA-9328-46C2-8426-3182D55E6669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD636DF3-E590-4603-9D18-CC2375A97750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0F8336F-D0F8-4337-9DF6-51B60F8A2E9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "79C2EF49-A9F0-4612-903A-A3A95805277E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E1934F2-5917-4C15-8869-82C557BF430D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:7.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3567D600-C756-4FB5-B4B1-9B014A990A7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3587E5B7-4B66-4DB4-86A3-6E37034747C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB1C61F7-BAF4-4061-8B1A-D7F8D597F2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A5C7D83-EA9E-4E26-910D-8471252723EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:8.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE29EE2D-9EA8-4486-BC3F-B0CCF9C396F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FDB5E2A-F3BD-4500-922E-A191C45DE93C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:8.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E55F641-AC7F-41AD-BB6A-F69831DAD49E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C46A6C6-292D-4F67-9DF4-DFA01DCEA387",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en la funcionalidad PDF en WebKit en Apple Safari anterior a 6.2.7, 7.x anterior a 7.1.7, y 8.x anterior a 8.0.7 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de una URL manipulada en contenido PDF embebido."
    }
  ],
  "id": "CVE-2015-3660",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-07-03T01:59:19.510",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT204950"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securityfocus.com/bid/75494"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securitytracker.com/id/1032754"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT204950"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/75494"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032754"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2015-3660 (GCVE-0-2015-3660)

Vulnerability from cvelistv5

gsd-2015-3660

Vulnerability from gsd

ghsa-3874-c4vv-qxvf

Vulnerability from github

CERTFR-2015-AVI-276

Vulnerability from certfr_avis

Solution

var-201507-0424

Vulnerability from variot

cnvd-2015-04232

Vulnerability from cnvd

fkie_cve-2015-3660

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature