CVE-2015-1129

Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
appleCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
appleiphone_os
𝑥
≤ 8.4.1
applesafari
𝑥
≤ 6.2.4
applesafari
7.0
applesafari
7.0.1
applesafari
7.0.2
applesafari
7.0.3
applesafari
7.0.4
applesafari
7.0.5
applesafari
7.0.6
applesafari
7.1.0
applesafari
7.1.1
applesafari
7.1.2
applesafari
7.1.3
applesafari
7.1.4
applesafari
8.0.0
applesafari
8.0.1
applesafari
8.0.2
applesafari
8.0.3
applesafari
8.0.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
http://www.securitytracker.com/id/1032047
https://support.apple.com/HT204658
https://support.apple.com/HT205212
http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
http://www.securitytracker.com/id/1032047
https://support.apple.com/HT204658
https://support.apple.com/HT205212