CVE-2015-1126
WebKit - Info Disclosure
WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.
Exploits (1)
metasploit
WORKING POC
by Jouko Pynnonen, joev · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb
References (5)
Scores
EPSS: 0.6545
EPSS Percentile: 98.5%
Details
CWE: CWE-20
Status: published
Products (19)
apple/iphone_os < 8.2
apple/safari 7.0
apple/safari 7.0.1
apple/safari 7.0.2
apple/safari 7.0.3
apple/safari 7.0.4
apple/safari 7.0.5
apple/safari 7.0.6
apple/safari 7.1.0
apple/safari 7.1.1
... and 9 more
Published: Apr 10, 2015
Tracked Since: Feb 18, 2026