Vulnerability CVE-2015-3658: Information

Description

The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site.

Severity: MEDIUM (6.8)

URL: https://nvd.nist.gov/vuln/detail/CVE-2015-3658

Published: July 3, 2015

Modified: Dec. 28, 2016

Error type identifier: CWE-254

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
libwebkitgtk2	p10	2.4.11-alt1	2.4.11-alt13	ALT-PU-2016-1315-1	162826	Fixed
libwebkitgtk2	p9	2.4.11-alt1	2.4.11-alt10	ALT-PU-2016-1315-1	162826	Fixed
libwebkitgtk2	c10f1	2.4.11-alt1	2.4.11-alt13	ALT-PU-2016-1315-1	162826	Fixed
libwebkitgtk2	c9f2	2.4.11-alt1	2.4.11-alt10	ALT-PU-2016-1315-1	162826	Fixed
libwebkitgtk3	p10	2.4.10-alt1	2.4.11-alt12	ALT-PU-2016-1245-1	161352	Fixed
libwebkitgtk3	p9	2.4.10-alt1	2.4.11-alt9.1.p9	ALT-PU-2016-1245-1	161352	Fixed
libwebkitgtk3	c10f1	2.4.10-alt1	2.4.11-alt12	ALT-PU-2016-1245-1	161352	Fixed
libwebkitgtk3	c9f2	2.4.10-alt1	2.4.11-alt9.1.p9	ALT-PU-2016-1245-1	161352	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
http://support.apple.com/kb/HT204950	Vendor Advisory
APPLE-SA-2015-06-30-1	Vendor Advisory
APPLE-SA-2015-06-30-4	Vendor Advisory
http://support.apple.com/kb/HT204941	Vendor Advisory
75492
openSUSE-SU-2016:0915
USN-2937-1
1032754

Affected configurations:
1. Configuration 1
  cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:8.0.2:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:8.0.1:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.1.6:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:8.0.6:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.1.5:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.1.3:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.1.1:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.1.4:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:8.0.3:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:8.0.5:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:8.0.4:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:7.1.2:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
  End including
  6.2.6
  cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*
  cpe:2.3:a:apple:safari:8.0:*:*:*:*:*:*:*
  
  Configuration 2
  cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
  End including
  10.10.3
  cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
  End including
  8.3

Version: v24.5.0

Vulnerability CVE-2015-3658: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2