CVE-2015-5828

Name: CVE-2015-5828
Creator: NVD / NIST
Published: 2015-10-09T05:59:02.453+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.75%

Last modified Jun 17, 2026

CVE-2015-5828 is a vulnerability of currently unknown severity. The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site.. EPSS estimates a 1.75% chance of exploitation in the next 30 days.

Description

The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site.

Metrics

EPSS Probability

1.75%

74.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Opensuse	Leap	42.1
Apple	Safari	<= 8.0.8

References

http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.htmlVendor Advisory
http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.htmlThird Party Advisory
http://www.securityfocus.com/bid/79707Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1033688Third Party Advisory, VDB Entry
https://support.apple.com/HT205265Vendor Advisory
http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.htmlVendor Advisory
http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.htmlThird Party Advisory
http://www.securityfocus.com/bid/79707Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1033688Third Party Advisory, VDB Entry
https://support.apple.com/HT205265Vendor Advisory

Timeline

Published: Oct 9, 2015
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-5828?

How severe is CVE-2015-5828?

Severity scoring for CVE-2015-5828 is pending analysis. The EPSS model estimates a 1.75% probability of exploitation in the next 30 days.

How do I fix CVE-2015-5828?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-5828?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST