Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2015-9231

iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. A new (default) feature was added to iTerm2 version 3.0.0 (and unreleased 2.9.x versions such as 2.9.20150717) that resulted in a potential information disclosure. In an attempt to see whether the text under the cursor (or selected text) was a URL, the text would be sent as an unencrypted DNS query. This has the potential to result in passwords and other sensitive information being sent in cleartext without the user being aware.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.8%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2015-9231
  • Iterm2 » Iterm2 » Version: 2.9.20151111
    cpe:2.3:a:iterm2:iterm2:2.9.20151111
  • Iterm2 » Iterm2 » Version: 2.9.20151229
    cpe:2.3:a:iterm2:iterm2:2.9.20151229
  • Iterm2 » Iterm2 » Version: 2.9.20160102
    cpe:2.3:a:iterm2:iterm2:2.9.20160102
  • Iterm2 » Iterm2 » Version: 2.9.20160113
    cpe:2.3:a:iterm2:iterm2:2.9.20160113
  • Iterm2 » Iterm2 » Version: 2.9.20160206
    cpe:2.3:a:iterm2:iterm2:2.9.20160206
  • Iterm2 » Iterm2 » Version: 2.9.20160313
    cpe:2.3:a:iterm2:iterm2:2.9.20160313
  • Iterm2 » Iterm2 » Version: 2.9.20160422
    cpe:2.3:a:iterm2:iterm2:2.9.20160422
  • Iterm2 » Iterm2 » Version: 2.9.20160426
    cpe:2.3:a:iterm2:iterm2:2.9.20160426
  • Iterm2 » Iterm2 » Version: 2.9.20160510
    cpe:2.3:a:iterm2:iterm2:2.9.20160510
  • Iterm2 » Iterm2 » Version: 2.9.20160523
    cpe:2.3:a:iterm2:iterm2:2.9.20160523
  • Iterm2 » Iterm2 » Version: 3.0.0
    cpe:2.3:a:iterm2:iterm2:3.0.0
  • Iterm2 » Iterm2 » Version: 3.0.1
    cpe:2.3:a:iterm2:iterm2:3.0.1
  • Iterm2 » Iterm2 » Version: 3.0.10
    cpe:2.3:a:iterm2:iterm2:3.0.10
  • Iterm2 » Iterm2 » Version: 3.0.11
    cpe:2.3:a:iterm2:iterm2:3.0.11
  • Iterm2 » Iterm2 » Version: 3.0.12
    cpe:2.3:a:iterm2:iterm2:3.0.12
  • Iterm2 » Iterm2 » Version: 3.0.13
    cpe:2.3:a:iterm2:iterm2:3.0.13
  • Iterm2 » Iterm2 » Version: 3.0.14
    cpe:2.3:a:iterm2:iterm2:3.0.14
  • Iterm2 » Iterm2 » Version: 3.0.15
    cpe:2.3:a:iterm2:iterm2:3.0.15
  • Iterm2 » Iterm2 » Version: 3.0.2
    cpe:2.3:a:iterm2:iterm2:3.0.2
  • Iterm2 » Iterm2 » Version: 3.0.20160531
    cpe:2.3:a:iterm2:iterm2:3.0.20160531
  • Iterm2 » Iterm2 » Version: 3.0.3
    cpe:2.3:a:iterm2:iterm2:3.0.3
  • Iterm2 » Iterm2 » Version: 3.0.4
    cpe:2.3:a:iterm2:iterm2:3.0.4
  • Iterm2 » Iterm2 » Version: 3.0.5
    cpe:2.3:a:iterm2:iterm2:3.0.5
  • Iterm2 » Iterm2 » Version: 3.0.6
    cpe:2.3:a:iterm2:iterm2:3.0.6
  • Iterm2 » Iterm2 » Version: 3.0.7
    cpe:2.3:a:iterm2:iterm2:3.0.7
  • Iterm2 » Iterm2 » Version: 3.0.8
    cpe:2.3:a:iterm2:iterm2:3.0.8
  • Iterm2 » Iterm2 » Version: 3.0.9
    cpe:2.3:a:iterm2:iterm2:3.0.9
  • Iterm2 » Iterm2 » Version: 3.1.0
    cpe:2.3:a:iterm2:iterm2:3.1.0


Contact Us

Shodan ® - All rights reserved