CVE-2015-3658 — Apple Iphone OS vulnerability

CWE-2546 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

0.4%

top 41.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Webkitgtk Apple Iphone OS Apple MAC OS X +3 more

Timeline

PublishedJul 3

Latest updateMay 17

Description

The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages6 packages

▶NVDapple/safari6.2.6+21

▶Appleapple/safari_8.0.7_safari_7.1.7_and_safari6.2.7

▶NVDapple/mac_os_x10.10.3

▶NVDapple/iphone_os8.3

▶Appleapple/ios8.4

🔴Vulnerability Details

GHSA

GHSA-7w75-mgjq-f5m7: The Page Loading functionality in WebKit in Apple Safari before 6↗2022-05-17

▶

OSV

CVE-2015-3658: The Page Loading functionality in WebKit in Apple Safari before 6↗2015-07-02

▶

📋Vendor Advisories

Ubuntu

WebKitGTK+ vulnerabilities↗2016-03-21

▶

Apple

CVE-2015-3658: iOS 8.4↗

▶

Apple

CVE-2015-3658: Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7↗

▶