cvedb.io
CVE-2015-3750
UNKNOWN · CVSS n/a
EPSS exploitation probability: 0%
Published 2015-08-16T23:59:23.533 · Last modified 2026-06-17T00:26:13.560

Summary

WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof a report by modifying the client-server data stream.

Affected products

apple — iphone_os

Does this affect you?

Add your gear to cvedb and we'll alert you only when apple ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.