var-201508-0422
Vulnerability from variot
bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic. Both Apple iOS and OS X are operating systems of Apple Inc. in the United States. Apple iOS was developed for mobile devices; OS X was developed for Mac computers. Bootp is one of the components that automatically assigns static IP based on IP/UDP protocol. A security vulnerability exists in the bootp component of Apple iOS versions prior to 8.4.1 and OS X versions prior to 10.10.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0422",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "8.4"
},
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.10.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10 to 10.10.4"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8.4.1 (ipad 2 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8.4.1 (iphone 4s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8.4.1 (ipod touch first 5 after generation )"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "8.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.10.4"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004231"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-225"
},
{
"db": "NVD",
"id": "CVE-2015-3778"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004231"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "evad3rs, TaiG Jailbreak Team, Cererdlong of Alibaba Mobile Security Team, Phillip Moon and Matt Weston of Sandfield, TaiG Jailbreak Team, FireEye, Proteas of Qihoo 360 Nirvan Team, Piers O\u0027Hanlon of Oxford Internet Institute, University of Oxford (on the",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-225"
}
],
"trust": 0.6
},
"cve": "CVE-2015-3778",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2015-3778",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-81739",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-3778",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2015-3778",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-225",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-81739",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2015-3778",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81739"
},
{
"db": "VULMON",
"id": "CVE-2015-3778"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004231"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-225"
},
{
"db": "NVD",
"id": "CVE-2015-3778"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic. Both Apple iOS and OS X are operating systems of Apple Inc. in the United States. Apple iOS was developed for mobile devices; OS X was developed for Mac computers. Bootp is one of the components that automatically assigns static IP based on IP/UDP protocol. A security vulnerability exists in the bootp component of Apple iOS versions prior to 8.4.1 and OS X versions prior to 10.10.5",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3778"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004231"
},
{
"db": "VULHUB",
"id": "VHN-81739"
},
{
"db": "VULMON",
"id": "CVE-2015-3778"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3778",
"trust": 2.6
},
{
"db": "BID",
"id": "76337",
"trust": 1.8
},
{
"db": "BID",
"id": "76340",
"trust": 1.2
},
{
"db": "SECTRACK",
"id": "1033275",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU94440136",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004231",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-225",
"trust": 0.7
},
{
"db": "BID",
"id": "83590",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-81739",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-3778",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81739"
},
{
"db": "VULMON",
"id": "CVE-2015-3778"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004231"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-225"
},
{
"db": "NVD",
"id": "CVE-2015-3778"
}
]
},
"id": "VAR-201508-0422",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-81739"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:02:13.666000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT201222"
},
{
"title": "APPLE-SA-2015-08-13-3 iOS 8.4.1",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
},
{
"title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"title": "HT205030",
"trust": 0.8,
"url": "http://support.apple.com/en-us/HT205030"
},
{
"title": "HT205031",
"trust": 0.8,
"url": "http://support.apple.com/en-us/HT205031"
},
{
"title": "HT205030",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/HT205030"
},
{
"title": "HT205031",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/HT205031"
},
{
"title": "osxupd10.10.5",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57197"
},
{
"title": "iPhone7,1_8.4.1_12H321_Restore",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57198"
},
{
"title": "Apple: Apple TV 7.2.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=7fd0c8e5493266a37a14d1b8b5c5ece7"
},
{
"title": "Apple: iOS 8.4.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=1e360caea44107f4b635ae5265ed4e38"
},
{
"title": "Apple: OS X Yosemite v10.10.5 and Security Update 2015-006",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9834d0d73bf28fb80d3390930bafd906"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-3778"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004231"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-225"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81739"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004231"
},
{
"db": "NVD",
"id": "CVE-2015-3778"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00002.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/76337"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht205030"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht205031"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/76340"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1033275"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3778"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94440136/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3778"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/83590"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/vulnerabilities/apple-ios-cve-2015-3763"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht205795"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=40485"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81739"
},
{
"db": "VULMON",
"id": "CVE-2015-3778"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004231"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-225"
},
{
"db": "NVD",
"id": "CVE-2015-3778"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-81739"
},
{
"db": "VULMON",
"id": "CVE-2015-3778"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004231"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-225"
},
{
"db": "NVD",
"id": "CVE-2015-3778"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-16T00:00:00",
"db": "VULHUB",
"id": "VHN-81739"
},
{
"date": "2015-08-16T00:00:00",
"db": "VULMON",
"id": "CVE-2015-3778"
},
{
"date": "2015-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004231"
},
{
"date": "2015-08-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-225"
},
{
"date": "2015-08-16T23:59:51.190000",
"db": "NVD",
"id": "CVE-2015-3778"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-24T00:00:00",
"db": "VULHUB",
"id": "VHN-81739"
},
{
"date": "2016-12-24T00:00:00",
"db": "VULMON",
"id": "CVE-2015-3778"
},
{
"date": "2015-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004231"
},
{
"date": "2015-08-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-225"
},
{
"date": "2024-11-21T02:29:50.200000",
"db": "NVD",
"id": "CVE-2015-3778"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-225"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple iOS and OS X of bootp Earlier in Wi-Fi Session MAC Vulnerability to obtain important information about addresses",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004231"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-225"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…