Lucene search

K

AppleCVELIST:CVE-2015-3658

HistoryJul 03, 2015 - 1:00 a.m.

CVE-2015-3658

2015-07-0301:00:00

apple

www.cve.org

6

AI Score

7.8

Confidence

High

EPSS

0.011

Percentile

84.4%

The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site.

References

lists.apple.com/archives/security-announce/2015/Jun/msg00001.html

lists.apple.com/archives/security-announce/2015/Jun/msg00004.html

lists.opensuse.org/opensuse-updates/2016-03/msg00132.html

support.apple.com/kb/HT204941

support.apple.com/kb/HT204950

www.securityfocus.com/bid/75492

www.securitytracker.com/id/1032754

www.ubuntu.com/usn/USN-2937-1

AI Score

7.8

Confidence

High

EPSS

0.011

Percentile

84.4%

Related for CVELIST:CVE-2015-3658

prion1 ubuntucve1 cve1 nvd1 nessus9 openvas7 securityvulns4 fedora5 mageia2 ubuntu1 osv1