cvedb.io
CVE-2015-3658
UNKNOWN · CVSS n/a
EPSS exploitation probability: 0%
Published 2015-07-03T01:59:17.370 · Last modified 2026-06-17T00:26:03.370

Summary

The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site.

Affected products

apple — safari

Does this affect you?

Add your gear to cvedb and we'll alert you only when apple ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.