← Back

CVE-2015-3750

nvd nist
Published: Aug 16, 2015Modified: May 6, 2026

JSON object

Loading...
6.4
Vector
AV:N/AC:L/Au:N/C:P/I:P/A:N
Exploitability: 10.0 / Impact: 4.9
Source: NVD

Description

WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof a report by modifying the client-server data stream.

Affected (5)

Products: Apple: Iphone Os, Safari
Apple
2 products
Iphone Os
Safari
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Iphone Os
Up to 8.4
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Apple
Safari
From 6.0 to 6.2.8
Safari
From 7.0 to 7.1.8
Safari
From 8.0 to 8.0.8
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Iphone Os
Before 8.4.1

Related CWEs

CWE-254
CWE-254

References (14)

Source: product-security@apple.com
Mailing ListVendor Advisory
Source: product-security@apple.com
Mailing ListVendor Advisory
Source: product-security@apple.com
Mailing ListThird Party Advisory
Source: product-security@apple.com
Third Party AdvisoryVDB Entry
Source: product-security@apple.com
Third Party AdvisoryVDB Entry
Source: product-security@apple.com
Vendor Advisory
Source: product-security@apple.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.