Unrated severityNVD Advisory· Published Apr 10, 2015· Updated May 6, 2026
CVE-2015-1126
CVE-2015-1126
Description
WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.
Affected products
19cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: <=6.2.4
- cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:8.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:8.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:8.0.4:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- lists.apple.com/archives/security-announce/2015/Apr/msg00000.htmlnvdVendor Advisory
- lists.apple.com/archives/security-announce/2015/Apr/msg00002.htmlnvdVendor Advisory
- support.apple.com/HT204658nvdVendor Advisory
- support.apple.com/HT204661nvdVendor Advisory
- www.securitytracker.com/id/1032047nvd
News mentions
0No linked articles in our index yet.