Lucene search

K
cvelistAppleCVELIST:CVE-2014-1296
HistoryApr 23, 2014 - 10:00 a.m.

CVE-2014-1296

2014-04-2310:00:00
apple
www.cve.org

5.8 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.3%

CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header’s value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction.

5.8 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.3%

Related for CVELIST:CVE-2014-1296