Описание
CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response.
CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2016-4708
- https://support.apple.com/HT207141
- https://support.apple.com/HT207142
- https://support.apple.com/HT207143
- https://support.apple.com/HT207170
- http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
- http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html
- http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html
- http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html
- http://www.securityfocus.com/bid/93054
- http://www.securitytracker.com/id/1036858
Связанные уязвимости
CVSS3: 6.5
nvd
больше 9 лет назад
CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response.