CVE-2015-3751
published 2015-08-16CVE-2015-3751: WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass…
PriorityP427medium5CVSS 2.0
AVNACLAuNCNIPAN
EPSS
1.55%
81.8th percentile
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an OBJECT element.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | apple_tv | — | — |
| apple | ios | — | — |
| apple | iphone_os | < 8.4.1 | 8.4.1 |
| apple | safari | >= 6.0 < 6.2.8 | 6.2.8 |
| apple | safari | >= 7.0 < 7.1.8 | 7.1.8 |
| apple | safari | >= 8.0 < 8.0.8 | 8.0.8 |
| apple | safari_8.0.8_safari_7.1.8_and_safari | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
osv5.0MEDIUM
Apple
CVE-2015-3751: iOS 8.4.1
vendor_apple·CVSS 5.0
CVE-2015-3751 [MEDIUM] CVE-2015-3751: iOS 8.4.1
Apple Security Update: About the security content of iOS 8.4.1
Product: iOS
Version: 8.4.1
CVE: CVE-2015-3751
Component: CVE-ID
Apple
CVE-2015-3751: Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8
vendor_apple·CVSS 5.0
CVE-2015-3751 [MEDIUM] CVE-2015-3751: Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8
Apple Security Update: About the security content of Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8
Product: Safari 8.0.8, Safari 7.1.8, and Safari
Version: 6.2.8
CVE: CVE-2015-3751
Component: CVE-ID
Apple
CVE-2015-3751: Apple TV 7.2.1
vendor_apple·CVSS 5.0
CVE-2015-3751 [MEDIUM] CVE-2015-3751: Apple TV 7.2.1
Apple Security Update: About the security content of Apple TV 7.2.1
Product: Apple TV
Version: 7.2.1
CVE: CVE-2015-3751
Component: CVE-ID
GHSA
GHSA-6fp9-pg9h-pr6m: WebKit in Apple Safari before 6
ghsa_unreviewed·2022-05-14
CVE-2015-3751 [MEDIUM] GHSA-6fp9-pg9h-pr6m: WebKit in Apple Safari before 6
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an OBJECT element.
OSV
CVE-2015-3751: WebKit in Apple Safari before 6
osv·2015-08-16·CVSS 5.0
CVE-2015-3751 [MEDIUM] CVE-2015-3751: WebKit in Apple Safari before 6
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an OBJECT element.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.htmlhttp://lists.apple.com/archives/security-announce/2015/Aug/msg00002.htmlhttp://lists.opensuse.org/opensuse-updates/2016-03/msg00054.htmlhttp://www.securityfocus.com/bid/76341http://www.securitytracker.com/id/1033274https://support.apple.com/kb/HT205030https://support.apple.com/kb/HT205033http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.htmlhttp://lists.apple.com/archives/security-announce/2015/Aug/msg00002.htmlhttp://lists.opensuse.org/opensuse-updates/2016-03/msg00054.htmlhttp://www.securityfocus.com/bid/76341http://www.securitytracker.com/id/1033274https://support.apple.com/kb/HT205030https://support.apple.com/kb/HT205033
2015-08-16
Published