6.4

CVE-2015-3750

WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof a report by modifying the client-server data stream.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleiPhone OS Version <= 8.4
AppleSafari Version >= 6.0 < 6.2.8
AppleSafari Version >= 7.0 < 7.1.8
AppleSafari Version >= 8.0 < 8.0.8
AppleiPhone OS Version < 8.4.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.94% 0.775
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html
Vendor Advisory
Mailing List
https://support.apple.com/kb/HT205030
Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html
Third Party Advisory
Mailing List
http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html
Vendor Advisory
Mailing List
http://www.securitytracker.com/id/1033274
Third Party Advisory
VDB Entry
https://support.apple.com/kb/HT205033
Vendor Advisory
http://www.securityfocus.com/bid/76341
Third Party Advisory
VDB Entry