Lucene search
HistoryOct 23, 2015 - 9:59 p.m.
CVE-2015-7023
cve-2015-7023
cfnetwork
apple ios
os x
cookie parsing
remote servers
security vulnerability
5.8 Medium
AI Score
Confidence
Low
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.003 Low
EPSS
Percentile
69.4%
CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apple:mac_os_x | apple mac os x | le | 10.11.0 |
| apple:iphone_os | apple iphone os | le | 9.0.2 |
Related
prion
prion
Code injection
2015-10-23 21:59:00
cert
cert
openvas
openvas
Apple Mac OS X Multiple Vulnerabilities-01 (Oct 2015)
2015-10-29 00:00:00
nessus
nessus
Mac OS X Multiple Vulnerabilities (Security Updates 2015-004 / 2015-007)
2015-11-10 00:00:00
Apple iOS < 9.1 Multiple Vulnerabilities
2016-05-26 00:00:00
Apple iOS < 9.1 Multiple Vulnerabilities
2015-10-23 00:00:00
securityvulns
securityvulns
APPLE-SA-2015-10-21-1 iOS 9.1
2015-10-25 00:00:00
APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007
2015-10-25 00:00:00
Apple iOS multiple security vulnerabilities
2015-10-25 00:00:00
5.8 Medium
AI Score
Confidence
Low
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.003 Low
EPSS
Percentile
69.4%
Related for CVE-2015-7023