CVE-2015-1129

EUVD-2015-1272
Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
Affected Products (NVD)
VendorProductVersion
appleiphone_os
𝑥
≤ 8.4.1
applesafari
𝑥
≤ 6.2.4
applesafari
7.0
applesafari
7.0.1
applesafari
7.0.2
applesafari
7.0.3
applesafari
7.0.4
applesafari
7.0.5
applesafari
7.0.6
applesafari
7.1.0
applesafari
7.1.1
applesafari
7.1.2
applesafari
7.1.3
applesafari
7.1.4
applesafari
8.0.0
applesafari
8.0.1
applesafari
8.0.2
applesafari
8.0.3
applesafari
8.0.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
http://www.securitytracker.com/id/1032047
https://support.apple.com/HT204658
https://support.apple.com/HT205212
http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
http://www.securitytracker.com/id/1032047
https://support.apple.com/HT204658
https://support.apple.com/HT205212