Detections
Analytics

Safari < 6.2.8 / 7.1.8 / 8.0.8 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 8949

Synopsis

The remote host contains a web browser that is affected by multiple vulnerabilities.

Description

Versions of Safari prior to 6.2.8 / 7.1.8 / 8.0.8 are reportedly affected by the following vulnerabilities :

 - An unspecified flaw exists that allows an attacker to spoof UI elements by using crafted web pages. (CVE-2015-3729)
 - Multiple memory corruption flaws exist in WebKit due to improper validation of user-supplied input. An attacker can exploit these, by using a crafted web page, to execute arbitrary code. (CVE-2015-3730, CVE-2015-3731, CVE-2015-3732, CVE-2015-3733, CVE-2015-3734, CVE-2015-3735, CVE-2015-3736, CVE-2015-3737, CVE-2015-3738, CVE-2015-3739, CVE-2015-3740, CVE-2015-3741, CVE-2015-3742, CVE-2015-3743, CVE-2015-3744, CVE-2015-3745, CVE-2015-3746, CVE-2015-3747, CVE-2015-3748, CVE-2015-3749)
 - A security policy bypass vulnerability exists in WebKit related to handling Content Security Policy report requests. An attacker can exploit this to bypass the HTTP Strict Transport Security policy. (CVE-2015-3750)
 - A security policy bypass vulnerability exists in WebKit that allows websites to use video controls to load images nested in object elements in violation of Content Security Policy directives. (CVE-2015-3751)
 - An information disclosure vulnerability exists in WebKit related to how cookies are added to Content Security Policy report requests, which results in cookies being exposed to cross-origin requests. Also, cookies set during regular browsing are sent during private browsing. (CVE-2015-3752)
 - An information disclosure vulnerability exists in the WebKit Canvas component when images are called using URLs that redirect to a data:image resource. An attacker, using a malicious website, can exploit this to disclose image data cross-origin. (CVE-2015-3753)
 - An information disclosure vulnerability exists in WebKit page loading where the caching of HTTP authentication credentials entered in private browsing mode were carried over into regular browsing, resulting in a user's private browsing history being exposed. (CVE-2015-3754)
 - A flaw in the WebKit process model allows a malicious website to display an arbitrary URL, which can allow user interface spoofing. (CVE-2015-3755)

Solution

Upgrade to Safari 6.2.8 / 7.1.8 / 8.0.8 or later.

See Also

https://support.apple.com/en-us/HT205033

Plugin Details

Severity: High

ID: 8949

Family: Web Clients

Published: 10/1/2015

Updated: 3/6/2019

Nessus ID: 85446

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7

Temporal Score: 6.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apple:safari

Patch Publication Date: 8/13/2015

Vulnerability Publication Date: 8/13/2015

Reference Information

CVE: CVE-2015-3729, CVE-2015-3730, CVE-2015-3731, CVE-2015-3732, CVE-2015-3733, CVE-2015-3734, CVE-2015-3735, CVE-2015-3736, CVE-2015-3737, CVE-2015-3738, CVE-2015-3739, CVE-2015-3740, CVE-2015-3741, CVE-2015-3742, CVE-2015-3743, CVE-2015-3744, CVE-2015-3745, CVE-2015-3746, CVE-2015-3747, CVE-2015-3748, CVE-2015-3749, CVE-2015-3750, CVE-2015-3751, CVE-2015-3752, CVE-2015-3753, CVE-2015-3754, CVE-2015-3755

BID: 76338, 76339, 76341, 76342, 76344