Vulnerabilities > CVE-2015-1154 - Unspecified vulnerability in Apple Itunes

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
apple
nessus

Summary

WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1153.

Vulnerable Configurations

Part Description Count
Application
Apple
333

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SAFARI8_0_6.NASL
    descriptionThe version of Apple Safari installed on the remote Mac OS X host is prior to 6.2.6 / 7.1.6 / 8.0.6. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues in WebKit due to improper validation of user-supplied input. A remote attacker can exploit this, via a specially crafted web page, to cause a denial of service condition or to execute arbitrary code. (CVE-2015-1152, CVE-2015-1153, and CVE-2015-1154) - An information disclosure vulnerability in WebKit History exists due to a state management flaw and improper validation of user-supplied input. A remote attacker can exploit this, via a specially crafted web page, to disclose sensitive information from the file system. (CVE-2015-1155) - A flaw exists in WebKit Page Loading due to improper handling of rel attributes in anchor elements that allows target objects to get unauthorized access to link objects. A remote attacker can exploit this, via a specially crafted web page, to spoof the user interface. (CVE-2015-1156)
    last seen2020-06-01
    modified2020-06-02
    plugin id83291
    published2015-05-08
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83291
    titleMac OS X : Apple Safari < 6.2.6 / 7.1.6 / 8.0.6 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83291);
      script_version("1.7");
      script_cvs_date("Date: 2019/11/22");
    
      script_cve_id(
        "CVE-2015-1152",
        "CVE-2015-1153",
        "CVE-2015-1154",
        "CVE-2015-1155",
        "CVE-2015-1156"
      );
      script_bugtraq_id(
        74523,
        74524,
        74525,
        74526,
        74527
      );
    
      script_name(english:"Mac OS X : Apple Safari < 6.2.6 / 7.1.6 / 8.0.6 Multiple Vulnerabilities");
      script_summary(english:"Checks the Safari version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host has a web browser installed that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Apple Safari installed on the remote Mac OS X host is
    prior to 6.2.6 / 7.1.6 / 8.0.6. It is, therefore, affected by the
    following vulnerabilities :
    
      - Multiple memory corruption issues in WebKit due to
        improper validation of user-supplied input. A remote
        attacker can exploit this, via a specially crafted
        web page, to cause a denial of service condition or to
        execute arbitrary code. (CVE-2015-1152, CVE-2015-1153,
        and CVE-2015-1154)
    
      - An information disclosure vulnerability in WebKit
        History exists due to a state management flaw and
        improper validation of user-supplied input. A remote
        attacker can exploit this, via a specially crafted web
        page, to disclose sensitive information from the file
        system. (CVE-2015-1155)
        
      - A flaw exists in WebKit Page Loading due to improper
        handling of rel attributes in anchor elements that
        allows target objects to get unauthorized access to link
        objects. A remote attacker can exploit this, via a
        specially crafted web page, to spoof the user interface.
        (CVE-2015-1156)");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT204826");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Apple Safari 6.2.6 / 7.1.6 / 8.0.6 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-1154");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/05/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/05/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/08");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_Safari31.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "MacOSX/Safari/Installed");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    os = get_kb_item("Host/MacOSX/Version");
    if (!os) audit(AUDIT_OS_NOT, "Mac OS X");
    
    if (!ereg(pattern:"Mac OS X 10\.([89]|10)([^0-9]|$)", string:os)) audit(AUDIT_OS_NOT, "Mac OS X 10.8 / 10.9 / 10.10");
    
    get_kb_item_or_exit("MacOSX/Safari/Installed");
    path = get_kb_item_or_exit("MacOSX/Safari/Path", exit_code:1);
    version = get_kb_item_or_exit("MacOSX/Safari/Version", exit_code:1);
    
    if ("10.8" >< os)
      fixed_version = "6.2.6";
    else if ("10.9" >< os)
      fixed_version = "7.1.6";
    else
      fixed_version = "8.0.6";
    
    if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Path              : ' + path +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fixed_version + '\n';
        security_warning(port:0, extra:report);
      }
      else security_warning(0);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, "Safari", version, path);
    
  • NASL familyWindows
    NASL idITUNES_12_2_0.NASL
    descriptionThe version of Apple iTunes installed on the remote Windows host is prior to 12.2. It is, therefore, affected by multiple vulnerabilities in the bundled version of WebKit, including denial of service and arbitrary code execution vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id84504
    published2015-07-03
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84504
    titleApple iTunes < 12.2 Multiple Vulnerabilities (credentialed check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84504);
      script_version("1.8");
      script_cvs_date("Date: 2019/11/22");
    
      script_cve_id(
        "CVE-2014-3192",
        "CVE-2014-4452",
        "CVE-2014-4459",
        "CVE-2014-4466",
        "CVE-2014-4468",
        "CVE-2014-4469",
        "CVE-2014-4470",
        "CVE-2014-4471",
        "CVE-2014-4472",
        "CVE-2014-4473",
        "CVE-2014-4474",
        "CVE-2014-4475",
        "CVE-2014-4476",
        "CVE-2014-4477",
        "CVE-2014-4479",
        "CVE-2015-1068",
        "CVE-2015-1069",
        "CVE-2015-1070",
        "CVE-2015-1071",
        "CVE-2015-1072",
        "CVE-2015-1073",
        "CVE-2015-1074",
        "CVE-2015-1075",
        "CVE-2015-1076",
        "CVE-2015-1077",
        "CVE-2015-1078",
        "CVE-2015-1079",
        "CVE-2015-1080",
        "CVE-2015-1081",
        "CVE-2015-1082",
        "CVE-2015-1083",
        "CVE-2015-1119",
        "CVE-2015-1120",
        "CVE-2015-1121",
        "CVE-2015-1122",
        "CVE-2015-1124",
        "CVE-2015-1152",
        "CVE-2015-1153",
        "CVE-2015-1154"
      );
      script_bugtraq_id(
        70273,
        71137,
        71144,
        71438,
        71442,
        71444,
        71445,
        71449,
        71451,
        71459,
        71461,
        71462,
        72329,
        72330,
        72331,
        73972,
        74523,
        74525,
        74526
      );
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2015-06-30-6");
    
      script_name(english:"Apple iTunes < 12.2 Multiple Vulnerabilities (credentialed check)");
      script_summary(english:"Checks the version of iTunes on Windows.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains an application that is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Apple iTunes installed on the remote Windows host is
    prior to 12.2. It is, therefore, affected by multiple vulnerabilities
    in the bundled version of WebKit, including denial of service and
    arbitrary code execution vulnerabilities.
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT204949");
      # https://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?103c0dda");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Apple iTunes 12.2 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-4466");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/06/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/03");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("itunes_detect.nasl");
      script_require_keys("installed_sw/iTunes Version", "SMB/Registry/Enumerated");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("install_func.inc");
    
    # Ensure this is Windows
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    
    app_id = 'iTunes Version';
    install = get_single_install(app_name:app_id, exit_if_unknown_ver:TRUE);
    
    version = install["version"];
    path = install["path"];
    
    fixed_version = "12.2.0.145";
    if (ver_compare(ver:version, fix:fixed_version) < 0)
    {
      port = get_kb_item("SMB/transport");
      if (!port) port = 445;
    
      if (report_verbosity > 0)
      {
        report =
          '\n  Path              : ' + path +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fixed_version +
          '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, "iTunes", version, path);
    
  • NASL familyPeer-To-Peer File Sharing
    NASL idITUNES_12_2_0_BANNER.NASL
    descriptionThe version of Apple iTunes running on the remote host is prior to 12.2. It is, therefore, affected by multiple vulnerabilities due to memory corruption issues in the WebKit component. An attacker can exploit these to cause a denial of service or execute arbitrary code. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id86600
    published2015-10-26
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86600
    titleApple iTunes < 12.2 Multiple Vulnerabilities (uncredentialed check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86600);
      script_version("1.5");
      script_cvs_date("Date: 2019/11/20");
    
      script_cve_id(
        "CVE-2014-3192",
        "CVE-2014-4452",
        "CVE-2014-4459",
        "CVE-2014-4466",
        "CVE-2014-4468",
        "CVE-2014-4469",
        "CVE-2014-4470",
        "CVE-2014-4471",
        "CVE-2014-4472",
        "CVE-2014-4473",
        "CVE-2014-4474",
        "CVE-2014-4475",
        "CVE-2014-4476",
        "CVE-2014-4477",
        "CVE-2014-4479",
        "CVE-2015-1068",
        "CVE-2015-1069",
        "CVE-2015-1070",
        "CVE-2015-1071",
        "CVE-2015-1072",
        "CVE-2015-1073",
        "CVE-2015-1074",
        "CVE-2015-1075",
        "CVE-2015-1076",
        "CVE-2015-1077",
        "CVE-2015-1078",
        "CVE-2015-1079",
        "CVE-2015-1080",
        "CVE-2015-1081",
        "CVE-2015-1082",
        "CVE-2015-1083",
        "CVE-2015-1119",
        "CVE-2015-1120",
        "CVE-2015-1121",
        "CVE-2015-1122",
        "CVE-2015-1124",
        "CVE-2015-1152",
        "CVE-2015-1153",
        "CVE-2015-1154"
      );
      script_bugtraq_id(
        70273,
        71137,
        71144,
        71438,
        71442,
        71444,
        71445,
        71449,
        71451,
        71459,
        71461,
        71462,
        72329,
        72330,
        72331,
        73972,
        74523,
        74525,
        74526
      );
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2015-06-30-6");
    
      script_name(english:"Apple iTunes < 12.2 Multiple Vulnerabilities (uncredentialed check)");
      script_summary(english:"Checks the version of iTunes.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains an application that is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Apple iTunes running on the remote host is prior to
    12.2. It is, therefore, affected by multiple vulnerabilities due to
    memory corruption issues in the WebKit component. An attacker can
    exploit these to cause a denial of service or execute arbitrary code.
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT204949");
      # https://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?103c0dda");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Apple version iTunes 12.2 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-4466");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/06/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/26");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Peer-To-Peer File Sharing");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("itunes_sharing.nasl");
      script_require_keys("iTunes/sharing");
      script_require_ports("Services/www", 3689);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    port = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);
    
    get_kb_item_or_exit("iTunes/" + port + "/enabled");
    
    type = get_kb_item_or_exit("iTunes/" + port + "/type");
    source = get_kb_item_or_exit("iTunes/" + port + "/source");
    version = get_kb_item_or_exit("iTunes/" + port + "/version");
    
    if (type != 'Windows') audit(AUDIT_OS_NOT, "Windows");
    
    fixed_version = "12.2.0.145";
    
    if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
    {
      if (report_verbosity > 0)
      {
        report = '\n  Version source    : ' + source +
                 '\n  Installed version : ' + version +
                 '\n  Fixed version     : ' + fixed_version + 
                 '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "iTunes", port, version);