CVE-2015-1091

2015-04-10T14:59:00
ID CVE-2015-1091
Type cve
Reporter cve@mitre.org
Modified 2017-01-03T02:59:00

Description

The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.