Synopsis
The web browser installed on the remote host is affected by multiple vulnerabilities.

Description
The version of Apple Safari installed on the remote Mac OS X host is prior to 6.2.7 / 7.1.7 / 8.0.7. It is, therefore, affected by the following vulnerabilities:
- A flaw exists in WebKit Page Loading due to the Origin request header being preserved for cross-origin redirects. A remote attacker can exploit this, via a specially crafted web page, to circumvent cross-site request forgery (XSRF) protections. (CVE-2015-3658)
- A flaw exists in the WebKit Storage's SQLite authorizer due to insufficient comparison. A remote attacker can exploit this, via a specially crafted web page, to invoke arbitrary SQL functions, resulting in a denial of service condition or executing arbitrary code.
- An information disclosure vulnerability exists in WebKit due to improper restrictions on renaming WebSQL tables. A remote attacker can exploit this, via a specially crafted website, to access WebSQL databases belonging to other websites. (CVE-2015-3727)

Solution
Upgrade to Apple Safari 6.2.7 / 7.1.7 / 8.0.7 or later.
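
The version comparison behind this finding can be reproduced over a software inventory. The following is an added example, not the scanner's own code. The host names and inventory are constructed, and the handling of branches older than 6.x or newer than 8.x is an assumption, since the advisory names fixed releases only for 6.x, 7.x and 8.x.

```python
import re

# Fixed releases named in the advisory, keyed by Safari major version.
FIXED = {6: (6, 2, 7), 7: (7, 1, 7), 8: (8, 0, 7)}


def parse_version(text):
    """Parse a marketing version such as '7.1.6' or '8.0' into a 3-tuple."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,2}", text):
        raise ValueError(f"unrecognised Safari version: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version_text):
    """True when the version is prior to the fixed release for its branch."""
    version = parse_version(version_text)
    major = version[0]
    if major < min(FIXED):
        return True   # assumption: branches older than 6.x have no fixed release
    if major > max(FIXED):
        return False  # assumption: later branches already include the fixes
    return version < FIXED[major]


def upgrade_target(version_text):
    """Fixed release for the host's branch, or None if the advisory names none."""
    fixed = FIXED.get(parse_version(version_text)[0])
    return ".".join(map(str, fixed)) if fixed else None


def audit(inventory):
    """Return (host, installed, target) for every affected host."""
    findings = []
    for host, installed in inventory:
        if is_affected(installed):
            findings.append((host, installed, upgrade_target(installed)))
    return findings


# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = [
    ("mac-01", "8.0.6"), ("mac-02", "8.0.7"), ("mac-03", "7.1.6"),
    ("mac-04", "6.2.7"), ("mac-05", "5.1.10"), ("mac-06", "8.0"),
]

if __name__ == "__main__":
    for host, installed, target in audit(SAMPLE_INVENTORY):
        print(f"{host}: Safari {installed} affected, upgrade to {target or 'a supported branch'}")
```

A target of `None` marks a host on a branch for which the advisory lists no fixed release, so it needs a branch upgrade rather than a point update.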