458 matches found
CVE-2015-5858
The CFNetwork HTTPProtocol component in Apple iOS before 9 allows remote attackers to bypass the HSTS protection mechanism, and consequently obtain sensitive information, via a crafted URL...
Hardcoded credentials
The CFNetwork HTTPProtocol component in Apple iOS before 9 mishandles HSTS state, which allows remote attackers to bypass the Safari private-browsing protection mechanism and track users via a crafted web site...
CVE-2015-5841
The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response...
CVE-2015-5824
The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2015-3801
The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors...
Code injection
The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response...
UBUNTU-CVE-2015-3801
The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors...
CVE-2015-5898
CFNetwork in Apple iOS before 9 relies on the hardware UID for its cache encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID...
CVE-2015-5860
The CFNetwork HTTPProtocol component in Apple iOS before 9 mishandles HSTS state, which allows remote attackers to bypass the Safari private-browsing protection mechanism and track users via a crafted web site...
CVE-2015-5912
The CVE-2015-5912 issue affects CFNetwork FTPProtocol in Apple iOS prior to version 9.0. Remote FTP proxy servers can trigger TCP connection attempts to intranet hosts through crafted responses, enabling potential reconnaissance or access to internal hosts. The connected docs indicate this vulner...
CVE-2015-5860
CVE-2015-5860 affects the CFNetwork HTTPProtocol component in Apple iOS prior to 9. The root cause is a mishandling of HSTS state, which allows a remote attacker to bypass Safari private-browsing protections and track users via a crafted website. The vulnerability impact is described in the CVE e...
CVE-2015-5885
The CFNetwork Cookies component in Apple iOS before 9 allows remote attackers to track users via vectors involving a cookie for a top-level domain...
CVE-2015-5885
The CVE-2015-5885 issue affects the CFNetwork Cookies handling in Apple platforms (notably iOS before 9 and macOS in related advisories). The vulnerability description indicates a cross-domain cookie handling flaw that allowed an attacker in a privileged or network position to track a user’s acti...
CVE-2015-3801
CVE-2015-3801 affects Apple iOS WebKit’s CFNetwork Cookies: the document.cookie API could be used to bypass a single-cookie restriction in WebKit’s cookie handling, prior to iOS 9. The issue originates in CFNetwork Cookies (WebKit) and is exploitable via unspecified vectors over the network. The ...
CVE-2015-5824
CVE-2015-5824 affects CFNetwork SSL in Apple’s software stack (NSURL) on iOS before 9, where certificate verification fails after a certificate change. This enables man-in-the-middle attackers in privileged network positions to spoof servers and obtain data. Root cause: improper validation of X.5...
CVE-2015-5898
CVE-2015-5898 affects CFNetwork in Apple iOS before 9. The issue: CFNetwork caches data using a key protected only by the hardware UID, enabling physically proximate attackers to access cached information. The root cause is the cache encryption key being derived from the hardware UID alone. Impac...