Vulnerability Description
IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network.
CVSS Score
3.3
LOW
AV:A/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Xcode | <= 6.4 |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.htmlPatchVendor Advisory
- http://www.securitytracker.com/id/1033596
- https://support.apple.com/HT205217Vendor Advisory
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.htmlPatchVendor Advisory
- http://www.securitytracker.com/id/1033596
- https://support.apple.com/HT205217Vendor Advisory
FAQ
What is CVE-2015-5910?
CVE-2015-5910 is a vulnerability with a CVSS score of 3.3 (LOW). IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network.
How severe is CVE-2015-5910?
CVE-2015-5910 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-5910?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Xcode.