Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
CVE ID: | CVE-2015-3750 |
Description: | WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man- in-the-middle attackers to obtain sensitive information by sniffing the network or spoof a report by modifying the client-server data stream. |
Test IDs: | None available |
Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-3750 http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html BugTraq ID: 76341 http://www.securityfocus.com/bid/76341 http://www.securitytracker.com/id/1033274 SuSE Security Announcement: openSUSE-SU-2016:0761 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html |