Unrated severityNVD Advisory· Published Apr 10, 2015· Updated Jun 17, 2026
CVE-2015-1126
CVE-2015-1126
Description
WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 18 more
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: <=6.2.4
- cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:7.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:8.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:8.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:8.0.4:*:*:*:*:*:*:*
- (no CPE)range: <6.2.5; >=7.0 <7.1.5; >=8.0 <8.0.5
- Range: <8.3
Patches
Vulnerability mechanics
References
5- lists.apple.com/archives/security-announce/2015/Apr/msg00000.htmlnvdVendor Advisory
- lists.apple.com/archives/security-announce/2015/Apr/msg00002.htmlnvdVendor Advisory
- support.apple.com/HT204658nvdVendor Advisory
- support.apple.com/HT204661nvdVendor Advisory
- www.securitytracker.com/id/1032047nvd
News mentions
0No linked articles in our index yet.