CVE-2015-3752
Ubuntu Security Notice USN-2937-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive information via vectors involving (1) a cross-origin request or (2) a private-browsing request.
Vulnerabilidad en la implementación de Content Security Policy en WebKit en Apple Safari en versiones anteriores a 6.2.8, 7.x en versiones anteriores a 7.1.8 y 8.x en versiones anteriores a 8.0.8, tal como se utiliza en iOS en versiones anteriores a 8.4.1 y otros productos, no restringe adecuadamente la transmisión de cookies para peticiones de informes, lo que permite a atacantes remotos obtener información sensible a través de vectores relacionados con (1) una petición de orígenes cruzados o (2) una solicitud de navegación privada.
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-05-07 CVE Reserved
- 2015-08-13 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/76341 | Third Party Advisory | |
| http://www.securitytracker.com/id/1033274 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html | 2019-02-07 | |
| http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html | 2019-02-07 | |
| http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html | 2019-02-07 | |
| http://www.ubuntu.com/usn/USN-2937-1 | 2019-02-07 | |
| https://support.apple.com/kb/HT205030 | 2019-02-07 | |
| https://support.apple.com/kb/HT205033 | 2019-02-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | >= 6.0 < 6.2.8 Search vendor "Apple" for product "Safari" and version " >= 6.0 < 6.2.8" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | >= 7.0 < 7.1.8 Search vendor "Apple" for product "Safari" and version " >= 7.0 < 7.1.8" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | >= 8.0 < 8.0.8 Search vendor "Apple" for product "Safari" and version " >= 8.0 < 8.0.8" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | < 8.4.1 Search vendor "Apple" for product "Iphone Os" and version " < 8.4.1" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 15.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "15.10" | - |
Affected
| ||||||