Vulnerability CVE-2015-1155: Information

Description

The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.

Severity: MEDIUM (4.3)

URL: https://nvd.nist.gov/vuln/detail/CVE-2015-1155

Published: May 8, 2015

Modified: Jan. 3, 2017

Error type identifier: CWE-264

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
libwebkitgtk2	p10	2.4.11-alt1	2.4.11-alt13	ALT-PU-2016-1315-1	162826	Fixed
libwebkitgtk2	p9	2.4.11-alt1	2.4.11-alt10	ALT-PU-2016-1315-1	162826	Fixed
libwebkitgtk2	c10f1	2.4.11-alt1	2.4.11-alt13	ALT-PU-2016-1315-1	162826	Fixed
libwebkitgtk2	c9f2	2.4.11-alt1	2.4.11-alt10	ALT-PU-2016-1315-1	162826	Fixed
libwebkitgtk3	p10	2.4.10-alt1	2.4.11-alt12	ALT-PU-2016-1245-1	161352	Fixed
libwebkitgtk3	p9	2.4.10-alt1	2.4.11-alt9.1.p9	ALT-PU-2016-1245-1	161352	Fixed
libwebkitgtk3	c10f1	2.4.10-alt1	2.4.11-alt12	ALT-PU-2016-1245-1	161352	Fixed
libwebkitgtk3	c9f2	2.4.10-alt1	2.4.11-alt9.1.p9	ALT-PU-2016-1245-1	161352	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
APPLE-SA-2015-05-06-1	Vendor Advisory
https://support.apple.com/HT204826	Vendor Advisory
1032270
APPLE-SA-2015-06-30-1	Vendor Advisory
http://support.apple.com/kb/HT204941	Vendor Advisory
openSUSE-SU-2016:0761
openSUSE-SU-2016:0915
USN-2937-1
74527

Affected configurations:
1. Configuration 1
  cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
  End including
  8.3
  
  Configuration 2
  cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:8.0.2:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:8.0.1:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:8.0.0:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.1.5:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.1.3:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.1.1:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.1.4:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:8.0.3:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:8.0.5:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
  End including
  6.2.5
  cpe:2.3:a:apple:safari:8.0.4:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.1.2:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*

Version: v24.5.0

Vulnerability CVE-2015-1155: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2