What is the severity of CVE-2015-1155?

CVE-2015-1155 has a moderate severity as it allows remote attackers to bypass the Same Origin Policy.

How do I fix CVE-2015-1155?

To fix CVE-2015-1155, upgrade to Safari version 6.2.6 or later, or iOS version 8.0.6 or later.

Which versions of Safari are affected by CVE-2015-1155?

CVE-2015-1155 affects Safari versions prior to 6.2.6, 7.x prior to 7.1.6, and 8.x prior to 8.0.6.

What vulnerabilities does CVE-2015-1155 exploit?

CVE-2015-1155 exploits weaknesses in the WebKit history implementation, allowing unauthorized file access.

Is iPhone OS vulnerable to CVE-2015-1155?

Yes, iPhone OS versions up to and including 8.3 are vulnerable to CVE-2015-1155.

Vulnerability/
CVE-2015-1155

medium

4.3

CWE

264

8/5/2015

6/8/2024

CVE-2015-1155

First published: Fri May 08 2015(Updated: )

The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.

Credit: product-security@apple.com

Affected Software	Affected Version	How to fix
iStyle @cosme iPhone OS	<=8.3
Apple Mobile Safari	<=6.2.5
Apple Mobile Safari	=7.0
Apple Mobile Safari	=7.0.1
Apple Mobile Safari	=7.0.2
Apple Mobile Safari	=7.0.3
Apple Mobile Safari	=7.0.4
Apple Mobile Safari	=7.0.5
Apple Mobile Safari	=7.0.6
Apple Mobile Safari	=7.1.0
Apple Mobile Safari	=7.1.1
Apple Mobile Safari	=7.1.2
Apple Mobile Safari	=7.1.3
Apple Mobile Safari	=7.1.4
Apple Mobile Safari	=7.1.5
Apple Mobile Safari	=8.0.0
Apple Mobile Safari	=8.0.1
Apple Mobile Safari	=8.0.2
Apple Mobile Safari	=8.0.3
Apple Mobile Safari	=8.0.4
Apple Mobile Safari	=8.0.5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-1155?
CVE-2015-1155 has a moderate severity as it allows remote attackers to bypass the Same Origin Policy.
How do I fix CVE-2015-1155?
To fix CVE-2015-1155, upgrade to Safari version 6.2.6 or later, or iOS version 8.0.6 or later.
Which versions of Safari are affected by CVE-2015-1155?
CVE-2015-1155 affects Safari versions prior to 6.2.6, 7.x prior to 7.1.6, and 8.x prior to 8.0.6.
What vulnerabilities does CVE-2015-1155 exploit?
CVE-2015-1155 exploits weaknesses in the WebKit history implementation, allowing unauthorized file access.
Is iPhone OS vulnerable to CVE-2015-1155?
Yes, iPhone OS versions up to and including 8.3 are vulnerable to CVE-2015-1155.

agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/author
agent/weakness
agent/references
agent/description
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/apple
canonical/istyle @cosme iphone os
version/istyle @cosme iphone os/8.3
canonical/apple mobile safari
version/apple mobile safari/6.2.5
version/apple mobile safari/7.0
version/apple mobile safari/7.0.1
version/apple mobile safari/7.0.2
version/apple mobile safari/7.0.3
version/apple mobile safari/7.0.4
version/apple mobile safari/7.0.5
version/apple mobile safari/7.0.6
version/apple mobile safari/7.1.0
version/apple mobile safari/7.1.1
version/apple mobile safari/7.1.2
version/apple mobile safari/7.1.3
version/apple mobile safari/7.1.4
version/apple mobile safari/7.1.5
version/apple mobile safari/8.0.0
version/apple mobile safari/8.0.1
version/apple mobile safari/8.0.2
version/apple mobile safari/8.0.3
version/apple mobile safari/8.0.4
version/apple mobile safari/8.0.5