{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-06-30T00:00:00", "descriptions": [{"lang": "en", "value": "The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-23T18:57:01", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT204941"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT204950"}, {"name": "75492", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/75492"}, {"name": "openSUSE-SU-2016:0915", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html"}, {"name": "APPLE-SA-2015-06-30-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"}, {"name": "APPLE-SA-2015-06-30-4", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html"}, {"name": "1032754", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032754"}, {"name": "USN-2937-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2937-1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2015-3658", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://support.apple.com/kb/HT204941", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT204941"}, {"name": "http://support.apple.com/kb/HT204950", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT204950"}, {"name": "75492", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75492"}, {"name": "openSUSE-SU-2016:0915", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html"}, {"name": "APPLE-SA-2015-06-30-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"}, {"name": "APPLE-SA-2015-06-30-4", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html"}, {"name": "1032754", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032754"}, {"name": "USN-2937-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2937-1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:47:58.226Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT204941"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT204950"}, {"name": "75492", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/75492"}, {"name": "openSUSE-SU-2016:0915", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html"}, {"name": "APPLE-SA-2015-06-30-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"}, {"name": "APPLE-SA-2015-06-30-4", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html"}, {"name": "1032754", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1032754"}, {"name": "USN-2937-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2937-1"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2015-3658", "datePublished": "2015-07-03T01:00:00", "dateReserved": "2015-05-07T00:00:00", "dateUpdated": "2024-08-06T05:47:58.226Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3CBE396-522D-42D2-90D8-EC816E582642", "versionEndIncluding": "6.2.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "88D46FE5-10D2-44A0-ACAE-CEED8BD0C30C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "391B4255-4434-4EB3-929B-3E593D9CD249", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "40B87D10-55B3-42E7-8FF6-93EDF003337D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5D4EBCD8-9DD5-468E-8B5B-49E38FEBCEC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "9B8C7AEC-F54A-4843-A0EA-C7DD847BEF5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "49457917-495E-4D17-A0AB-D2A163D4721D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "8CCADCE6-92F3-4A30-AA29-4E3394C1A3CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E74D3F4B-111E-4F51-ACB4-6725C4BF8DB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "223B13DA-9328-46C2-8426-3182D55E6669", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD636DF3-E590-4603-9D18-CC2375A97750", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:7.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A0F8336F-D0F8-4337-9DF6-51B60F8A2E9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:7.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "79C2EF49-A9F0-4612-903A-A3A95805277E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:7.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "0E1934F2-5917-4C15-8869-82C557BF430D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:7.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "3567D600-C756-4FB5-B4B1-9B014A990A7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "3587E5B7-4B66-4DB4-86A3-6E37034747C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FB1C61F7-BAF4-4061-8B1A-D7F8D597F2D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6A5C7D83-EA9E-4E26-910D-8471252723EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:8.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BE29EE2D-9EA8-4486-BC3F-B0CCF9C396F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "7FDB5E2A-F3BD-4500-922E-A191C45DE93C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:8.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "2E55F641-AC7F-41AD-BB6A-F69831DAD49E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:8.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "3C46A6C6-292D-4F67-9DF4-DFA01DCEA387", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB31BE7C-CB6D-447E-AFF8-618998950FC5", "versionEndIncluding": "8.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "68566BD8-D5DD-4747-9C9A-59154400EBFA", "versionEndIncluding": "10.10.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site."}, {"lang": "es", "value": "La funcionalidad Page Loading en WebKit en Apple Safari anterior a 6.2.7, 7.x anterior a 7.1.7, y 8.x anterior a 8.0.7, utilizado en Apple iOS anterior a 8.4 y otros productos, no considera correctamente las redirecciones durante decisiones sobre el env\u00edo de una cabecera Origin, lo que facilita a atacantes remotos evadir los mecanismos de protecci\u00f3n CSRF a trav\u00e9s de un sitio web manipulado."}], "id": "CVE-2015-3658", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-07-03T01:59:17.370", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html"}, {"source": "product-security@apple.com", "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://support.apple.com/kb/HT204941"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://support.apple.com/kb/HT204950"}, {"source": "product-security@apple.com", "url": "http://www.securityfocus.com/bid/75492"}, {"source": "product-security@apple.com", "url": "http://www.securitytracker.com/id/1032754"}, {"source": "product-security@apple.com", "url": "http://www.ubuntu.com/usn/USN-2937-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://support.apple.com/kb/HT204941"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://support.apple.com/kb/HT204950"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/75492"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1032754"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2937-1"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-254"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}