Vulnerability Name: CVE-2015-3729 (CCN-105610)
Assigned: 2015-08-11
Published: 2015-08-11
Updated: 2019-02-08
Summary: Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not indicate what web site originated an input prompt, which allows remote attackers to conduct spoofing attacks via a crafted site.
CVSS v3 Severity:
- 4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
- 3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Vulnerability Type: CWE-254
Vulnerability Consequences: Gain Access
References:
- Source: MITRE Type: CNA CVE-2015-3729
- Source: APPLE Type: Mailing List, Vendor Advisory APPLE-SA-2015-08-13-1
- Source: APPLE Type: Mailing List, Vendor Advisory APPLE-SA-2015-08-13-3
- Source: CCN Type: BugTraq Mailing List, Mon, 24 Aug 2015 14:09:44 GMT [SYSS-2015-030] Improper Handling of Insufficient Privileges (CWE-274) in Page2Flip Premium App 2.5
- Source: BID Type: Third Party Advisory, VDB Entry 76342
- Source: CCN Type: BID-76342 Apple Safari CVE-2015-3729 Security Bypass Vulnerability
- Source: SECTRACK Type: Third Party Advisory, VDB Entry 1033274
- Source: XF Type: UNKNOWN apple-safari-cve20153729-spoofing(105610)
- Source: CCN Type: Apple Web site About the security content of Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8
- Source: CONFIRM Type: Vendor Advisory https://support.apple.com/kb/HT205030
- Source: CONFIRM Type: Vendor Advisory https://support.apple.com/kb/HT205033
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable