CVE-2015-1092

NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
appleCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
appletvos
𝑥
≤ 7.1
appleiphone_os
𝑥
≤ 8.2
𝑥
= Vulnerable software versions
References
http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html
http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html
http://www.securityfocus.com/bid/73983
http://www.securitytracker.com/id/1032050
https://support.apple.com/HT204661
https://support.apple.com/HT204662
https://support.apple.com/kb/HT204870
http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html
http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html
http://www.securityfocus.com/bid/73983
http://www.securitytracker.com/id/1032050
https://support.apple.com/HT204661
https://support.apple.com/HT204662
https://support.apple.com/kb/HT204870