CVE-2015-3658

The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://support.apple.com/kb/HT204950	Vendor Advisory
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html	Vendor Advisory
http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html	Vendor Advisory
http://support.apple.com/kb/HT204941	Vendor Advisory
http://www.securityfocus.com/bid/75492
http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html
http://www.ubuntu.com/usn/USN-2937-1
http://www.securitytracker.com/id/1032754

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apple:safari:7.0.5:::::::*
	cpe:2.3:a:apple:safari:7.0.6:::::::*
	cpe:2.3:a:apple:safari:7.1.6:::::::*
	cpe:2.3:a:apple:safari:8.0:::::::*
	cpe:2.3:a:apple:safari:7.0:::::::*
	cpe:2.3:a:apple:safari:7.0.1:::::::*
	cpe:2.3:a:apple:safari:7.1.2:::::::*
	cpe:2.3:a:apple:safari:7.1.3:::::::*
	cpe:2.3:a:apple:safari:8.0.3:::::::*
	cpe:2.3:a:apple:safari:8.0.4:::::::*
	cpe:2.3:a:apple:safari:7.0.2:::::::*
	cpe:2.3:a:apple:safari:8.0.2:::::::*
	cpe:2.3:a:apple:safari:8.0.1:::::::*
	cpe:2.3:a:apple:safari:7.0.3:::::::*
	cpe:2.3:a:apple:safari:7.0.4:::::::*
	cpe:2.3:a:apple:safari:7.1.0:::::::*
	cpe:2.3:a:apple:safari:8.0.6:::::::*
	cpe:2.3:a:apple:safari:7.1.5:::::::*
	cpe:2.3:a:apple:safari:7.1.1:::::::*
	cpe:2.3:a:apple:safari:7.1.4:::::::*
	cpe:2.3:a:apple:safari:8.0.5:::::::*
	cpe:2.3:a:apple:safari::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:iphone_os::::::::

Information

Published : 2015-07-02 18:59

Updated : 2016-12-27 18:59

NVD link : CVE-2015-3658

Mitre link : CVE-2015-3658

JSON object : View

CWE

CWE-254

7PK - Security Features

Products Affected

apple

mac_os_x
safari
iphone_os

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://support.apple.com/kb/HT204950", "name": "http://support.apple.com/kb/HT204950", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html", "name": "APPLE-SA-2015-06-30-1", "tags": ["Vendor Advisory"], "refsource": "APPLE"}, {"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html", "name": "APPLE-SA-2015-06-30-4", "tags": ["Vendor Advisory"], "refsource": "APPLE"}, {"url": "http://support.apple.com/kb/HT204941", "name": "http://support.apple.com/kb/HT204941", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/75492", "name": "75492", "tags": [], "refsource": "BID"}, {"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html", "name": "openSUSE-SU-2016:0915", "tags": [], "refsource": "SUSE"}, {"url": "http://www.ubuntu.com/usn/USN-2937-1", "name": "USN-2937-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://www.securitytracker.com/id/1032754", "name": "1032754", "tags": [], "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-254"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-3658", "ASSIGNER": "product-security@apple.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2015-07-03T01:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:7.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:7.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:7.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:8.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:8.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:8.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:8.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:7.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:7.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:7.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:8.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.2.6"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "10.10.3"}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "8.3"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2016-12-28T02:59Z"}

6.8 /10