The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
| Type | CWE ID | Description |
|---|---|---|
| text | N/A | n/a |
| Hyperlink | Resource |
|---|---|
| http://support.apple.com/kb/HT204941 | x_refsource_CONFIRM |
| http://support.apple.com/kb/HT204950 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/75492 | vdb-entry x_refsource_BID |
| http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html | vendor-advisory x_refsource_SUSE |
| http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html | vendor-advisory x_refsource_APPLE |
| http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html | vendor-advisory x_refsource_APPLE |
| http://www.securitytracker.com/id/1032754 | vdb-entry x_refsource_SECTRACK |
| http://www.ubuntu.com/usn/USN-2937-1 | vendor-advisory x_refsource_UBUNTU |
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |