PT-2015-6258 · Apple+3 · Safari+4

Peter Rutenbar

·

Publicado

2015-07-01

·

Atualizado

2024-06-15

·

CVE-2015-3659

CVSS v2.0

6.8

Média

VetorAV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Apple Safari versions prior to 6.2.7 Apple Safari versions 7.x prior to 7.1.7 Apple Safari versions 8.x prior to 8.0.7
Description The issue is related to the SQLite authorizer in the Storage functionality in WebKit, which does not properly restrict access to SQL functions. This allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site.
Recommendations For Apple Safari versions prior to 6.2.7, update to version 6.2.7 or later. For Apple Safari versions 7.x prior to 7.1.7, update to version 7.1.7 or later. For Apple Safari versions 8.x prior to 8.0.7, update to version 8.0.7 or later.

Exploit

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

ALT-PU-2016-1245
ALT-PU-2016-1315
CVE-2015-3659
MGASA-2016-0116
MGASA-2016-0120
OPENSUSE-SU-2024:10461-1
USN-2937-1
ZDI-15-291

Produtos afetados

Alt Linux
Sqlite
Safari
Ubuntu
Webkit