Lucene search

K

AppleCVELIST:CVE-2015-1091

HistoryApr 10, 2015 - 2:00 p.m.

CVE-2015-1091

2015-04-1014:00:00

apple

www.cve.org

6.4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.5%

The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

References

lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

lists.apple.com/archives/security-announce/2015/Apr/msg00002.html

www.securityfocus.com/bid/73984

www.securitytracker.com/id/1032048

support.apple.com/HT204659

support.apple.com/HT204661

6.4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.5%

Related for CVELIST:CVE-2015-1091

prion1 nvd1 cve1 openvas1 securityvulns4 nessus2