What is the severity of CVE-2015-3727?

CVE-2015-3727 has a high severity rating because it allows remote attackers to access arbitrary WebSQL databases.

How do I fix CVE-2015-3727?

To fix CVE-2015-3727, update Apple Safari to version 6.2.7, 7.1.7, 8.0.7, or later.

Which versions of Apple Safari are affected by CVE-2015-3727?

CVE-2015-3727 affects Apple Safari versions before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7.

Which operating systems are impacted by CVE-2015-3727?

CVE-2015-3727 impacts Apple iOS versions before 8.4 and macOS versions up to and including 10.10.3.

Is there a workaround for CVE-2015-3727?

There is no official workaround for CVE-2015-3727; the only solution is to update to a secure version of Safari.

Vulnerability/
CVE-2015-3727

medium

6.8

CWE

264

3/7/2015

6/8/2024

CVE-2015-3727

First published: Fri Jul 03 2015(Updated: )

WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site.

Credit: product-security@apple.com

Affected Software	Affected Version	How to fix
Apple Mobile Safari	<=6.2.6
Apple Mobile Safari	=7.0
Apple Mobile Safari	=7.0.1
Apple Mobile Safari	=7.0.2
Apple Mobile Safari	=7.0.3
Apple Mobile Safari	=7.0.4
Apple Mobile Safari	=7.0.5
Apple Mobile Safari	=7.0.6
Apple Mobile Safari	=7.1.0
Apple Mobile Safari	=7.1.1
Apple Mobile Safari	=7.1.2
Apple Mobile Safari	=7.1.3
Apple Mobile Safari	=7.1.4
Apple Mobile Safari	=7.1.5
Apple Mobile Safari	=7.1.6
Apple Mobile Safari	=8.0
Apple Mobile Safari	=8.0.1
Apple Mobile Safari	=8.0.2
Apple Mobile Safari	=8.0.3
Apple Mobile Safari	=8.0.4
Apple Mobile Safari	=8.0.5
Apple Mobile Safari	=8.0.6
iStyle @cosme iPhone OS	<=8.3
Apple iOS and macOS	<=10.10.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-3727?
CVE-2015-3727 has a high severity rating because it allows remote attackers to access arbitrary WebSQL databases.
How do I fix CVE-2015-3727?
To fix CVE-2015-3727, update Apple Safari to version 6.2.7, 7.1.7, 8.0.7, or later.
Which versions of Apple Safari are affected by CVE-2015-3727?
CVE-2015-3727 affects Apple Safari versions before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7.
Which operating systems are impacted by CVE-2015-3727?
CVE-2015-3727 impacts Apple iOS versions before 8.4 and macOS versions up to and including 10.10.3.
Is there a workaround for CVE-2015-3727?
There is no official workaround for CVE-2015-3727; the only solution is to update to a secure version of Safari.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/weakness
agent/last-modified-date
agent/description
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/apple
canonical/apple mobile safari
version/apple mobile safari/6.2.6
version/apple mobile safari/7.0
version/apple mobile safari/7.0.1
version/apple mobile safari/7.0.2
version/apple mobile safari/7.0.3
version/apple mobile safari/7.0.4
version/apple mobile safari/7.0.5
version/apple mobile safari/7.0.6
version/apple mobile safari/7.1.0
version/apple mobile safari/7.1.1
version/apple mobile safari/7.1.2
version/apple mobile safari/7.1.3
version/apple mobile safari/7.1.4
version/apple mobile safari/7.1.5
version/apple mobile safari/7.1.6
version/apple mobile safari/8.0
version/apple mobile safari/8.0.1
version/apple mobile safari/8.0.2
version/apple mobile safari/8.0.3
version/apple mobile safari/8.0.4
version/apple mobile safari/8.0.5
version/apple mobile safari/8.0.6
canonical/istyle @cosme iphone os
version/istyle @cosme iphone os/8.3
canonical/apple ios and macos
version/apple ios and macos/10.10.3