English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.805968
Category:General
Title:Apple Safari Multiple Vulnerabilities-01 Sep15 (Mac OS X)
Summary:This host is installed with Apple Safari; and is prone to multiple vulnerabilities.
Description:Summary:
This host is installed with Apple Safari
and is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws exist duu to,

- Multiple memory corruption issues existed in WebKit.

- An error existed in Content Security Policy report requests which would not
honor HTTP Strict Transport Security.

- An issue existed where websites with video controls would load images nested
in object elements in violation of the website's Content Security Policy
directive.

- Two issues existed in how cookies were added to Content Security Policy report
requests. Cookies were sent in cross-origin report requests in violation of the
standard.

- Images fetched through URLs that redirected to a data:image resource could have
been exfiltrated cross-origin.

- An issue existed in caching of HTTP authentication. Credentials entered in
private browsing mode were carried over to regular browsing which would reveal
parts of the user's private browsing history.

- Navigating to a malformed URL may have allowed a malicious website to display
an arbitrary URL.

- A malicious website could open another site and prompt for user input without
a way for the user to tell where the prompt came from.

Vulnerability Impact:
Successful exploitation will allow remote
attackers to conduct spoofing attack, unexpected application termination
or arbitrary code execution, trigger plaintext requests to an origin under HTTP
Strict Transport Security, load image out of accordance with Content Security
Policy directive, gain access to sensitive information, exfiltrate image data
cross-origin and reveal private browsing history.

Affected Software/OS:
Apple Safari versions before 6.2.8, 7.x
before 7.1.8, and 8.x before 8.0.8

Solution:
Upgrade to Apple Safari version 6.2.8 or
7.1.8 or 8.0.8 or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: BugTraq ID: 76342
BugTraq ID: 76338
BugTraq ID: 76341
BugTraq ID: 76339
BugTraq ID: 76344
Common Vulnerability Exposure (CVE) ID: CVE-2015-3729
http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html
http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html
http://www.securityfocus.com/bid/76342
http://www.securitytracker.com/id/1033274
Common Vulnerability Exposure (CVE) ID: CVE-2015-3730
http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html
http://www.securityfocus.com/bid/76338
SuSE Security Announcement: openSUSE-SU-2016:0761 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-3731
SuSE Security Announcement: openSUSE-SU-2016:0915 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html
http://www.ubuntu.com/usn/USN-2937-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-3732
Common Vulnerability Exposure (CVE) ID: CVE-2015-3733
Common Vulnerability Exposure (CVE) ID: CVE-2015-3734
Common Vulnerability Exposure (CVE) ID: CVE-2015-3735
Common Vulnerability Exposure (CVE) ID: CVE-2015-3736
Common Vulnerability Exposure (CVE) ID: CVE-2015-3737
Common Vulnerability Exposure (CVE) ID: CVE-2015-3738
Common Vulnerability Exposure (CVE) ID: CVE-2015-3739
Common Vulnerability Exposure (CVE) ID: CVE-2015-3740
Common Vulnerability Exposure (CVE) ID: CVE-2015-3741
Common Vulnerability Exposure (CVE) ID: CVE-2015-3742
Common Vulnerability Exposure (CVE) ID: CVE-2015-3743
Common Vulnerability Exposure (CVE) ID: CVE-2015-3744
Common Vulnerability Exposure (CVE) ID: CVE-2015-3745
Common Vulnerability Exposure (CVE) ID: CVE-2015-3746
Common Vulnerability Exposure (CVE) ID: CVE-2015-3747
Common Vulnerability Exposure (CVE) ID: CVE-2015-3748
Common Vulnerability Exposure (CVE) ID: CVE-2015-3749
Common Vulnerability Exposure (CVE) ID: CVE-2015-3750
http://www.securityfocus.com/bid/76341
Common Vulnerability Exposure (CVE) ID: CVE-2015-3751
Common Vulnerability Exposure (CVE) ID: CVE-2015-3752
Common Vulnerability Exposure (CVE) ID: CVE-2015-3753
Common Vulnerability Exposure (CVE) ID: CVE-2015-3754
http://www.securityfocus.com/bid/76339
Common Vulnerability Exposure (CVE) ID: CVE-2015-3755
http://www.securityfocus.com/bid/76344
CopyrightCopyright (C) 2015 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2024 E-Soft Inc. All rights reserved.