CVE-2015-3750
WebKitGTK+ 2.x Use-After-Free / DoS / Code Execution
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof a report by modifying the client-server data stream.
Vulnerabilidad en WebKit en Apple Safari en versiones anteriores a 6.2.8, 7.x en versiones anteriores a 7.1.8 y 8.x en versiones anteriores a 8.0.8, tal como se utiliza en iOS en versiones anteriores a 8.4.1 y otros productos, no hace cumplir el mecanismo de protección HTTP Strict Trasnport Security (HSTS) para las peticiones de informes Content Security Policy (CSP), lo que permite a atacantes man-in-the-middle obtener información sensible rastreando la red o falsificando un informe mediante la modificación de la secuencia de datos cliente-servidor.
Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8 is now available and addresses interface spoofing, arbitrary code execution, and various other vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-05-07 CVE Reserved
- 2015-08-13 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-254: 7PK - Security Features
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/76341 | Third Party Advisory | |
| http://www.securitytracker.com/id/1033274 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html | 2019-02-07 | |
| http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html | 2019-02-07 | |
| http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html | 2019-02-07 | |
| https://support.apple.com/kb/HT205030 | 2019-02-07 | |
| https://support.apple.com/kb/HT205033 | 2019-02-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | <= 8.4 Search vendor "Apple" for product "Iphone Os" and version " <= 8.4" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | >= 6.0 < 6.2.8 Search vendor "Apple" for product "Safari" and version " >= 6.0 < 6.2.8" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | >= 7.0 < 7.1.8 Search vendor "Apple" for product "Safari" and version " >= 7.0 < 7.1.8" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | >= 8.0 < 8.0.8 Search vendor "Apple" for product "Safari" and version " >= 8.0 < 8.0.8" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | < 8.4.1 Search vendor "Apple" for product "Iphone Os" and version " < 8.4.1" | - |
Affected
| ||||||