The Page Loading functionality in WebKit in Apple Safari prior to 6.2.7, 7.x prior to 7.1.7, and 8.x prior to 8.0.7, as used in Apple iOS prior to 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote malicious users to bypass CSRF protection mechanisms via a crafted web site.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
apple safari 7.0.5 |
||
apple safari 7.0.6 |
||
apple safari 7.1.6 |
||
apple safari 8.0 |
||
apple safari 7.0 |
||
apple safari 7.0.1 |
||
apple safari 7.1.2 |
||
apple safari 7.1.3 |
||
apple safari 8.0.3 |
||
apple safari 8.0.4 |
||
apple safari 7.0.2 |
||
apple safari 7.0.3 |
||
apple safari 7.0.4 |
||
apple safari 7.1.4 |
||
apple safari 7.1.5 |
||
apple safari 8.0.5 |
||
apple safari 8.0.6 |
||
apple safari |
||
apple safari 7.1.0 |
||
apple safari 7.1.1 |
||
apple safari 8.0.1 |
||
apple safari 8.0.2 |
||
apple mac os x |
||
apple iphone os |
Vulmon