CVE-2015-3752
Apple Safari < 6.2.8 - Exposure of Sensitive Information via Content Security Policy Cookie Transmission
Title source: llmDescription
The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive information via vectors involving (1) a cross-origin request or (2) a private-browsing request.
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1033274
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT205030
Mailing List, Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/76341
Mailing List, Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT205033
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2937-1
Scores
EPSS
0.0275
EPSS Percentile
84.5%
Details
CWE
CWE-200
Status
published
Products (4)
apple/iphone_os
< 8.4.1
apple/safari
6.0 - 6.2.8
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
15.10
Published
Aug 16, 2015
Tracked Since
Feb 18, 2026