Lucene search

[email protected]NVD:CVE-2015-3750

HistoryAug 16, 2015 - 11:59 p.m.

CVE-2015-3750

2015-08-1623:59:23

CWE-254

[email protected]

web.nvd.nist.gov

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

6.5

Confidence

High

EPSS

0.003

Percentile

69.8%

JSON

WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof a report by modifying the client-server data stream.

Affected configurations

Nvd

Node

appleiphone_osRange≤8.4

Node

applesafariRange6.0–6.2.8

applesafariRange7.0–7.1.8

applesafariRange8.0–8.0.8

Node

appleiphone_osRange<8.4.1

VendorProductVersionCPE
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
applesafari*cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::
apple	safari	*	cpe:2.3:a:apple:safari::::::::

References

lists.apple.com/archives/security-announce/2015/Aug/msg00000.html

lists.apple.com/archives/security-announce/2015/Aug/msg00002.html

lists.opensuse.org/opensuse-updates/2016-03/msg00054.html

www.securityfocus.com/bid/76341

www.securitytracker.com/id/1033274

support.apple.com/kb/HT205030

support.apple.com/kb/HT205033

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

6.5

Confidence

High

EPSS

0.003

Percentile

69.8%

JSON

Related for NVD:CVE-2015-3750

ubuntucve1 prion1 cvelist1 cve1 nessus7 openvas2 securityvulns4 fedora1 apple2 mageia1