CVE-2015-1092

medium

Description

NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

References

http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html

http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html

http://www.securityfocus.com/bid/73983

http://www.securitytracker.com/id/1032050

https://support.apple.com/HT204661

https://support.apple.com/HT204662

https://support.apple.com/kb/HT204870

Details

Source: MITRE

Published: 2015-04-10

Updated: 2019-03-08

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM