VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 3, 2015· Updated May 6, 2026

CVE-2015-3658

CVE-2015-3658

Description

The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site.

Affected products

25
  • Apple Inc./Safari22 versions
    cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 21 more
    • cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: <=6.2.6
    • cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:8.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:8.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:8.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:8.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:8.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:8.0.6:*:*:*:*:*:*:*
  • Apple Inc./Iphone Os
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    Range: <=8.3
  • Apple Inc./Mac Os X
    cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
    Range: <=10.10.3
  • osv-coords
    pkg:rpm/opensuse/gtk3&distro=openSUSE%20Tumbleweed
    Range: < 2.4.11-3.3

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

8

News mentions

0

No linked articles in our index yet.