What is CVE-2015-1126?

CVE-2015-1126 is a vulnerability in Apple Iphone_os, classified under Improper Input Validation. Published 2015-04-10.

Is CVE-2015-1126 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Apple Iphone_os

CVE-2015-1126

WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.654 (98.5th percentile) — read the EPSS interpretation.

Affected products

Apple Iphone_os
Apple Safari — versions 7.0, 7.0.1, 7.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

rapid7/metasploit-framework

References

product-security@apple.com (x_refsource_CONFIRM, Vendor Advisory)
APPLE-SA-2015-04-08-3 (vendor-advisory, x_refsource_APPLE, Vendor Advisory)
APPLE-SA-2015-04-08-1 (vendor-advisory, x_refsource_APPLE, Vendor Advisory)
1032047 (vdb-entry, x_refsource_SECTRACK)
product-security@apple.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2015-1126?: CVE-2015-1126 is a vulnerability in Apple Iphone_os, classified under Improper Input Validation. Published 2015-04-10.
Is CVE-2015-1126 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.