CVE-2015-3729

MEDIUM

Description

Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not indicate what web site originated an input prompt, which allows remote attackers to conduct spoofing attacks via a crafted site.

References

http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html

http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html

http://www.securityfocus.com/bid/76342

http://www.securitytracker.com/id/1033274

https://support.apple.com/kb/HT205030

https://support.apple.com/kb/HT205033

Details

Source: MITRE

Published: 2015-08-16

Updated: 2019-02-08

Type: CWE-254

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM