Lucene search

PRIOn knowledge basePRION:CVE-2015-3750

HistoryAug 16, 2015 - 11:59 p.m.

Code injection

2015-08-1623:59:00

PRIOn knowledge base

www.prio-n.com

5.5 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

69.1%

JSON

WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof a report by modifying the client-server data stream.

CPENameOperatorVersion
iphone_osle8.4
iphone_oslt8.4.1
safarige6.0
safarilt6.2.8
safarige7.0
safarilt7.1.8
safarige8.0
safarilt8.0.8

Name	Operator	Version
iphone_os	le	8.4
iphone_os	lt	8.4.1
safari	ge	6.0
safari	lt	6.2.8
safari	ge	7.0
safari	lt	7.1.8
safari	ge	8.0
safari	lt	8.0.8

References

lists.apple.com/archives/security-announce/2015/Aug/msg00000.html

lists.apple.com/archives/security-announce/2015/Aug/msg00002.html

lists.opensuse.org/opensuse-updates/2016-03/msg00054.html

www.securityfocus.com/bid/76341

www.securitytracker.com/id/1033274

support.apple.com/kb/HT205030

support.apple.com/kb/HT205033

5.5 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

69.1%

JSON

Related for PRION:CVE-2015-3750