{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2015-3750","title":"Title"},{"category":"description","text":"WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof a report by modifying the client-server data stream.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2015-3750","url":"https://www.suse.com/security/cve/CVE-2015-3750"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1082221 for CVE-2015-3750","url":"https://bugzilla.suse.com/1082221"}],"title":"SUSE CVE CVE-2015-3750","tracking":{"current_release_date":"2023-12-08T04:44:28Z","generator":{"date":"2023-02-15T05:18:39Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2015-3750","initial_release_date":"2023-02-15T05:18:39Z","revision_history":[{"date":"2023-02-15T05:18:39Z","number":"2","summary":"Current version"},{"date":"2023-12-08T04:44:28Z","number":"3","summary":"Current version"}],"status":"interim","version":"3"}}}