Vulnerability Details CVE-2015-3754
The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier for remote attackers to track users via a crafted web site.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.3%
CVSS Severity
CVSS v2 Score 4.3
References
- http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html
- http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html
- http://www.securityfocus.com/bid/76339
- http://www.securitytracker.com/id/1033274
- https://support.apple.com/kb/HT205033
- http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html
- http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html
- http://www.securityfocus.com/bid/76339
- http://www.securitytracker.com/id/1033274
- https://support.apple.com/kb/HT205033
Products affected by CVE-2015-3754
-
cpe:2.3:a:apple:safari:6.0
-
cpe:2.3:a:apple:safari:6.0.1
-
cpe:2.3:a:apple:safari:6.0.2
-
cpe:2.3:a:apple:safari:6.0.3
-
cpe:2.3:a:apple:safari:6.0.4
-
cpe:2.3:a:apple:safari:6.0.5
-
cpe:2.3:a:apple:safari:6.1
-
cpe:2.3:a:apple:safari:6.1.1
-
cpe:2.3:a:apple:safari:6.1.2
-
cpe:2.3:a:apple:safari:6.1.3
-
cpe:2.3:a:apple:safari:6.1.4
-
cpe:2.3:a:apple:safari:6.1.5
-
cpe:2.3:a:apple:safari:6.2.1
-
cpe:2.3:a:apple:safari:6.2.4
-
cpe:2.3:a:apple:safari:6.2.5
-
cpe:2.3:a:apple:safari:6.2.6
-
cpe:2.3:a:apple:safari:7.0
-
cpe:2.3:a:apple:safari:7.0.1
-
cpe:2.3:a:apple:safari:7.0.2
-
cpe:2.3:a:apple:safari:7.0.3
-
cpe:2.3:a:apple:safari:7.0.4
-
cpe:2.3:a:apple:safari:7.0.5
-
cpe:2.3:a:apple:safari:7.1
-
cpe:2.3:a:apple:safari:7.1.1
-
cpe:2.3:a:apple:safari:7.1.4
-
cpe:2.3:a:apple:safari:7.1.5
-
cpe:2.3:a:apple:safari:7.1.6
-
cpe:2.3:a:apple:safari:8.0
-
cpe:2.3:a:apple:safari:8.0.1
-
cpe:2.3:a:apple:safari:8.0.4
-
cpe:2.3:a:apple:safari:8.0.5
-
cpe:2.3:a:apple:safari:8.0.6