Описание
Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Vendor Advisory
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party Advisory
- Vendor Advisory
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия от 7.0 (включая) до 7.1.2 (включая)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Конфигурация 2Версия от 6.0 (включая) до 6.1.5 (включая)Версия от 7.0 (включая) до 7.0.5 (включая)
Одно из
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
EPSS
Процентиль: 73%
0.00762
Низкий
5 Medium
CVSS2
Дефекты
CWE-255
Связанные уязвимости
github
больше 3 лет назад
Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element.
EPSS
Процентиль: 73%
0.00762
Низкий
5 Medium
CVSS2
Дефекты
CWE-255