Lucene search

[email protected]CVE-2013-3948

HistoryJun 05, 2013 - 2:39 p.m.

CVE-2013-3948

2013-06-0514:39:55

CWE-20

[email protected]

web.nvd.nist.gov

apple

ios

6.1.3

open redirect

vulnerability

nvd

cve-2013-3948

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.7%

JSON

Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary applications via a download-manifest itms-services:// URL that leverages an open redirect vulnerability within a trusted domain.

Affected configurations

NVD

Node

appleiphone_osMatch6.1.3

CPENameOperatorVersion
apple:iphone_osapple iphone oseq6.1.3

CPE	Name	Operator	Version
apple:iphone_os	apple iphone os	eq	6.1.3

References

antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf

support.apple.com/kb/HT6162

www.syscan.org/index.php/sg/program/day/2

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.7%

JSON

Related for CVE-2013-3948

nvd2 prion2 cvelist1 cve1