CVE-2015-3658
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site.
SSVC
- Decision: -
Timeline
- 2015-05-07 CVE Reserved
- 2015-07-01 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-254: 7PK - Security Features
References (8)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/75492 | Vdb Entry | |
http://www.securitytracker.com/id/1032754 | Vdb Entry | |

URL | Date | SRC |
---|---|---|
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html | 2016-12-28 | |
http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html | 2016-12-28 | |
http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html | 2016-12-28 | |
http://support.apple.com/kb/HT204941 | 2016-12-28 | |
http://support.apple.com/kb/HT204950 | 2016-12-28 | |
http://www.ubuntu.com/usn/USN-2937-1 | 2016-12-28 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Apple | Safari | <= 6.2.6 | - | Affected |
Apple | Safari | 7.0 | - | Affected |
Apple | Safari | 7.0.1 | - | Affected |
Apple | Safari | 7.0.2 | - | Affected |
Apple | Safari | 7.0.3 | - | Affected |
Apple | Safari | 7.0.4 | - | Affected |
Apple | Safari | 7.0.5 | - | Affected |
Apple | Safari | 7.0.6 | - | Affected |
Apple | Safari | 7.1.0 | - | Affected |
Apple | Safari | 7.1.1 | - | Affected |
Apple | Safari | 7.1.2 | - | Affected |
Apple | Safari | 7.1.3 | - | Affected |
Apple | Safari | 7.1.4 | - | Affected |
Apple | Safari | 7.1.5 | - | Affected |
Apple | Safari | 7.1.6 | - | Affected |
Apple | Safari | 8.0 | - | Affected |
Apple | Safari | 8.0.1 | - | Affected |
Apple | Safari | 8.0.2 | - | Affected |
Apple | Safari | 8.0.3 | - | Affected |
Apple | Safari | 8.0.4 | - | Affected |
Apple | Safari | 8.0.5 | - | Affected |
Apple | Safari | 8.0.6 | - | Affected |
Apple | Iphone Os | <= 8.3 | - | Affected |
Apple | Mac Os X | <= 10.10.3 | - | Affected |