Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:APPLE-SAFARI-BYPASS |
|---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Apple Safari URL Handling Cross-Origin Security Bypass |
Release Date |
2015/06/29 |
Update Number |
2511 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Apple Safari URL Handling Cross-Origin Security Bypass
This signature detects attempts to exploit a known vulnerability against Apple Safari. A successful attack can lead to origin spoofing.
Extended Description
WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.
Affected Products
- Apple iphone_os 8.2
- Apple safari 6.2.4
- Apple safari 7.0
- Apple safari 7.0.1
- Apple safari 7.0.2
- Apple safari 7.0.3
- Apple safari 7.0.4
- Apple safari 7.0.5
- Apple safari 7.0.6
- Apple safari 7.1.0
- Apple safari 7.1.1
- Apple safari 7.1.2
- Apple safari 7.1.3
- Apple safari 7.1.4
- Apple safari 8.0.0
- Apple safari 8.0.1
- Apple safari 8.0.2
- Apple safari 8.0.3
- Apple safari 8.0.4
References
- BugTraq: 73977
- CVE: CVE-2015-1126
- URL: https://klikki.fi/adv/safari.html