Safari < 6.2.7 / 7.1.7 / 8.0.7 Multiple Vulnerabilities
Severity: High | Nessus Network Monitor Plugin ID 8950
Synopsis: The remote host contains a web browser that is affected by multiple vulnerabilities.
Description: Versions of Safari prior to 6.2.7 / 7.1.7 / 8.0.7 are reportedly affected by the following vulnerabilities:
- A flaw exists in WebKit Page Loading due to the Origin request header being preserved for cross-origin redirects. A remote attacker can exploit this, via a specially crafted web page, to circumvent cross-site request forgery (XSRF) protections. (CVE-2015-3658)
- A flaw exists in the WebKit Storage SQLite authorizer due to insufficient comparison. A remote attacker can exploit this, via a specially crafted web page, to invoke arbitrary SQL functions, resulting in a denial of service condition or arbitrary code execution. (CVE-2015-3659)
- An information disclosure vulnerability exists in WebKit due to improper restrictions on renaming WebSQL tables. A remote attacker can exploit this, via a specially crafted website, to access WebSQL databases belonging to other websites. (CVE-2015-3727)
Solution: Upgrade to Safari 6.2.7 / 7.1.7 / 8.0.7 or later.
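
The three fixed versions belong to three separate release branches, so a host has to be compared against the fix for its own branch rather than against a single minimum. The following is an added example, not the plugin's own detection logic: the function names and the sample User-Agent string are constructed, and it assumes desktop (Macintosh) User-Agent strings and treats branches older than 6.x as affected because they are "prior to 6.2.7".

```python
import re

# Fixed release per major branch, taken from the advisory text above.
FIXED = {6: (6, 2, 7), 7: (7, 1, 7), 8: (8, 0, 7)}

# Safari reports its own version in the "Version/x.y.z" token. Chrome also
# sends "Safari/" but has no "Version/" token, so it does not match.
_UA_RE = re.compile(r"Version/(\d+(?:\.\d+)*)\s.*Safari/")


def parse_version(text):
    """Turn '8.0' or '8.0.6' into a 3-tuple of ints, zero-padded."""
    parts = [int(p) for p in text.split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def safari_version_from_ua(user_agent):
    """Return the Safari version tuple, or None if this is not desktop Safari."""
    # Assumption: only Macintosh UAs are considered, which keeps Android and
    # iOS browsers that reuse the Version/ token out of the result.
    if "Macintosh" not in user_agent or "Chrome/" in user_agent:
        return None
    match = _UA_RE.search(user_agent)
    return parse_version(match.group(1)) if match else None


def is_affected(version):
    """Compare a version against the fix for its own release branch."""
    major = version[0]
    if major < min(FIXED):
        return True   # assumption: older branches are "prior to 6.2.7"
    if major > max(FIXED):
        return False  # newer branches are outside this advisory
    return version < FIXED[major]


if __name__ == "__main__":
    # Constructed sample input, not captured traffic.
    sample = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) "
              "AppleWebKit/600.6.3 (KHTML, like Gecko) "
              "Version/8.0.6 Safari/600.6.3")
    found = safari_version_from_ua(sample)
    print(found, "affected" if is_affected(found) else "patched")
```

A single comparison against 6.2.7 would pass Safari 7.0 or 8.0.6, both of which are below the fix for their branch.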