4.3

CVE-2015-5828

The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpensuseLeap Version42.1
AppleSafari Version <= 8.0.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.75% 0.749
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html
Third Party Advisory
http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html
Vendor Advisory
https://support.apple.com/HT205265
Vendor Advisory
http://www.securitytracker.com/id/1033688
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/79707
Third Party Advisory
VDB Entry