Lucene search
HistoryMay 20, 2013 - 2:44 p.m.
CVE-2013-1014
apple
itunes
https
spoofing
cve-2013-1014
nvd
4.3 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:A/AC:M/Au:N/C:P/I:P/A:N
5.9 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
20.2%
Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.
Affected configurations
Node
appleitunesRange≤11.0.2
ORappleitunesMatch4.0.0
ORappleitunesMatch4.0.1
ORappleitunesMatch4.1.0
ORappleitunesMatch4.2.0
ORappleitunesMatch4.5
ORappleitunesMatch4.5.0
ORappleitunesMatch4.6
ORappleitunesMatch4.6.0
ORappleitunesMatch4.7
ORappleitunesMatch4.7.0
ORappleitunesMatch4.7.1
ORappleitunesMatch4.7.2
ORappleitunesMatch4.8.0
ORappleitunesMatch4.9.0
ORappleitunesMatch5.0
ORappleitunesMatch5.0.0
ORappleitunesMatch5.0.1
ORappleitunesMatch6.0.0
ORappleitunesMatch6.0.1
ORappleitunesMatch6.0.2
ORappleitunesMatch6.0.3
ORappleitunesMatch6.0.4
ORappleitunesMatch6.0.5
ORappleitunesMatch7.0.0
ORappleitunesMatch7.0.1
ORappleitunesMatch7.0.2
ORappleitunesMatch7.1.0
ORappleitunesMatch7.1.1
ORappleitunesMatch7.2.0
ORappleitunesMatch7.3.0
ORappleitunesMatch7.3.1
ORappleitunesMatch7.3.2
ORappleitunesMatch7.4
ORappleitunesMatch7.4.0
ORappleitunesMatch7.4.1
ORappleitunesMatch7.4.2
ORappleitunesMatch7.4.3
ORappleitunesMatch7.5
ORappleitunesMatch7.5.0
ORappleitunesMatch7.6
ORappleitunesMatch7.6.0
ORappleitunesMatch7.6.1
ORappleitunesMatch7.6.2
ORappleitunesMatch7.7
ORappleitunesMatch7.7.0
ORappleitunesMatch7.7.1
ORappleitunesMatch8.0.0
ORappleitunesMatch8.0.1
ORappleitunesMatch9.0.0
ORappleitunesMatch9.0.1
ORappleitunesMatch9.0.2
ORappleitunesMatch9.0.3
ORappleitunesMatch9.1
ORappleitunesMatch9.1.1
ORappleitunesMatch9.2
ORappleitunesMatch9.2.1
ORappleitunesMatch10.0
ORappleitunesMatch10.0.1
ORappleitunesMatch10.1
ORappleitunesMatch10.1.1
ORappleitunesMatch10.1.1.4
ORappleitunesMatch10.1.2
ORappleitunesMatch10.2
ORappleitunesMatch10.2.2.12
ORappleitunesMatch10.3
ORappleitunesMatch10.3.1
ORappleitunesMatch10.4
ORappleitunesMatch10.4.0.80
ORappleitunesMatch10.4.1
ORappleitunesMatch10.4.1.10
ORappleitunesMatch10.5
ORappleitunesMatch10.5.1
ORappleitunesMatch10.5.1.42
ORappleitunesMatch10.5.2
ORappleitunesMatch10.5.3
ORappleitunesMatch10.6
ORappleitunesMatch10.6.1
ORappleitunesMatch10.6.3
applemac_os_xMatch10.6.8
ORapplemac_os_xMatch10.7.0
ORapplemac_os_xMatch10.7.1
ORapplemac_os_xMatch10.7.2
ORapplemac_os_xMatch10.7.3
ORapplemac_os_xMatch10.7.4
ORapplemac_os_xMatch10.7.5
ORmicrosoftwindows_7
ORmicrosoftwindows_vista
ORmicrosoftwindows_xpMatch-
Related
prion
prion
Code injection
2013-05-20 14:44:00
cvelist
cvelist
CVE-2013-1014
2013-05-19 10:00:00
nessus
nessus
iTunes < 11.0.3 Certificate Validation Vulnerability (Mac OS X)
2013-05-17 00:00:00
Apple iTunes < 11.0.3 Multiple Vulnerabilities (uncredentialed check)
2013-05-17 00:00:00
iTunes < 11.0.3 Multiple Vulnerabilities
2013-05-19 00:00:00
nvd
nvd
CVE-2013-1014
2013-05-20 14:44:35
openvas
openvas
Apple iTunes Multiple Vulnerabilities - June13 (Mac OS X)
2013-06-06 00:00:00
Apple iTunes Multiple Vulnerabilities - June13 (Windows)
2013-06-06 00:00:00
Apple iTunes Multiple Vulnerabilities (Jun 2013) - Mac OS X
2013-06-06 00:00:00
kaspersky
kaspersky
KLA10076 Multiple vulnerabilities in Apple iTunes
2013-05-22 00:00:00
securityvulns
securityvulns
Apple iTunes multiple security vulnerabilities
2013-05-27 00:00:00
APPLE-SA-2013-05-16-1 iTunes 11.0.3
2013-05-27 00:00:00
4.3 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:A/AC:M/Au:N/C:P/I:P/A:N
5.9 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
20.2%
Related for CVE-2013-1014