7PK - Security Features

CVE-2015-3729

Medium

4.3/10

Summary

Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not indicate what web site originated an input prompt, which allows remote attackers to conduct spoofing attacks via a crafted site.

Access Complexity: MEDIUM
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-254 - Security Features

Security features are integrated into the application infrastructure to protect its resources and the trusted environment against a known exploit, threat, or vulnerability. However, flawed, disabled, or absent security features expose the application to a variety of attacks. This is a multidimensional vulnerability with broad potential impact. It can lead to defacement, confidentiality compromise, system takeover, etc.

References

Advisory Timeline

Published Aug 16, 2015

7PK - Security Features

CVE-2015-3729

Summary

CWE-254 - Security Features

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS