CVE-2015-3752

The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive information via vectors involving (1) a cross-origin request or (2) a private-browsing request.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html	Mailing List Vendor Advisory
http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html	Mailing List Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/76341	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1033274	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2937-1	Third Party Advisory
https://support.apple.com/kb/HT205030	Vendor Advisory
https://support.apple.com/kb/HT205033	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:a:apple:safari::::::::

Configuration 2 (hide)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

History

No history.

Information

Published : 2015-08-16 23:59

Updated : 2023-12-10 11:46

NVD link : CVE-2015-3752

Mitre link : CVE-2015-3752

CVE.ORG link : CVE-2015-3752

JSON object : View

Products Affected

apple

iphone_os
safari

canonical

ubuntu_linux

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2015-3752", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-08-16T23:59:25.533", "references": [{"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html", "tags": ["Mailing List", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html", "tags": ["Mailing List", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "product-security@apple.com"}, {"url": "http://www.securityfocus.com/bid/76341", "tags": ["Third Party Advisory", "VDB Entry"], "source": "product-security@apple.com"}, {"url": "http://www.securitytracker.com/id/1033274", "tags": ["Third Party Advisory", "VDB Entry"], "source": "product-security@apple.com"}, {"url": "http://www.ubuntu.com/usn/USN-2937-1", "tags": ["Third Party Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/kb/HT205030", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/kb/HT205033", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive information via vectors involving (1) a cross-origin request or (2) a private-browsing request."}, {"lang": "es", "value": "Vulnerabilidad en la implementaci\u00f3n de Content Security Policy en WebKit en Apple Safari en versiones anteriores a 6.2.8, 7.x en versiones anteriores a 7.1.8 y 8.x en versiones anteriores a 8.0.8, tal como se utiliza en iOS en versiones anteriores a 8.4.1 y otros productos, no restringe adecuadamente la transmisi\u00f3n de cookies para peticiones de informes, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de vectores relacionados con (1) una petici\u00f3n de or\u00edgenes cruzados o (2) una solicitud de navegaci\u00f3n privada."}], "lastModified": "2019-02-07T19:52:34.340", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47782F4A-23C6-4F74-B4D1-DE59356AA9AB", "versionEndExcluding": "6.2.8", "versionStartIncluding": "6.0"}, {"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2532A5EF-F419-4D51-BFB0-70AA3269691B", "versionEndExcluding": "7.1.8", "versionStartIncluding": "7.0"}, {"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5A5B82D-B522-4F3F-B46B-DA1317F75C60", "versionEndExcluding": "8.0.8", "versionStartIncluding": "8.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F597127C-D985-43BC-AE13-8E076B270CC4", "versionEndExcluding": "8.4.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}