Lucene search

K

[email protected]NVD:CVE-2015-3753

HistoryAug 16, 2015 - 11:59 p.m.

CVE-2015-3753

2015-08-1623:59:26

CWE-200

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.8%

WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a redirect to a data:image resource.

Affected configurations

NVD

Node

applesafariRange6.0–6.2.8

OR

applesafariRange7.0–7.1.8

OR

applesafariRange8.0–8.0.8

Node

appleiphone_osRange<8.4.1

References

lists.apple.com/archives/security-announce/2015/Aug/msg00000.html

lists.apple.com/archives/security-announce/2015/Aug/msg00002.html

www.securityfocus.com/bid/76341

www.securitytracker.com/id/1033274

support.apple.com/kb/HT205030

support.apple.com/kb/HT205033

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.8%

Related for NVD:CVE-2015-3753

cvelist1 intothesymmetry1 ubuntucve1 prion1 cve1 nessus5 openvas2 securityvulns4 apple2 mageia1