HTTP: Apple Safari URL Handling Cross-Origin Security Bypass

This signature detects attempts to exploit a known vulnerability in Apple Safari. A successful attack can lead to origin spoofing.

Extended Description

WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.

Affected Products

Apple Safari

References

BugTraq: 73977

CVE: CVE-2015-1126

URL: https://klikki.fi/adv/safari.html

Short Name
HTTP:APPLE-SAFARI-BYPASS
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Apple Bypass CVE-2015-1126 Cross-Origin Handling Safari Security URL bid:73977
Release Date
06/29/2015
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3337
False Positive
Unknown
Vendors

Apple

CVSS Score

4.3
