458 matches found
CVE-2014-1296
CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP...
Design/Logic Flaw
CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP...
CVE-2014-1296
CFNetwork in iOS before 7.1.1, OS X up to 10.9.2, and Apple TV before 6.1.1 mishandles incomplete Set-Cookie headers, allowing a remote attacker to bypass access restrictions by closing the TCP connection during header transmission (HTTPOnly). Public fix/version not specified in the provided docu...
CVE-2014-1296
CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP...
Mac OS X Multiple Vulnerabilities (Security Update 2014-002)
The remote host is running a version of Mac OS X 10.7, 10.8, or 10.9 that does not have Security Update 2014-002 applied. This update contains several security-related fixes for the following components : - CFNetwork HTTPProtocol - CoreServicesUIAgent - FontParser - Heimdal Kerberos - ImageIO -...
APPLE-SA-2014-02-25-1 OS X Mavericks 10.9.2 and Security Update 2014-001
APPLE-SA-2014-02-25-1 OS X Mavericks 10.9.2 and Security Update 2014-001 OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresses the following: Apache Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain...
CVE-2014-1257
CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation...
Design/Logic Flaw
CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation...
CVE-2014-1257
CVE-2014-1257 affects CFNetwork cookies in Apple OS X up to 10.8.5. The vulnerability arises because Safari reset actions do not reliably remove session cookies, allowing a physically proximate attacker with an unattended workstation to bypass access restrictions. Publicly documented details in t...
Apple Mac OS X Multiple Security Vulnerabilities (APPLE-SA-2014-02-25-1)
BUGTRAQ ID: 65777 CVECAN ID: CVE-2014-1254,CVE-2014-1262,CVE-2014-1255,CVE-2014-1256,CVE-2014-1257,CVE-2014-1258,CVE-2014-1261,CVE-2014-1263,CVE-2014-1265,CVE-2014-1259,CVE-2014-1264,CVE-2014-1260,CVE-2014-1246,CVE-2014-1247,CVE-2014-1248,CVE-2014-1249,CVE-2014-1250,CVE-2014-1245 OS X (formerly Mac OS...
Mac OS X Multiple Vulnerabilities (Security Update 2014-001) (BEAST)
The remote host is running a version of Mac OS X 10.7 or 10.8 that does not have Security Update 2014-001 applied. This update contains several security-related fixes for the following components : - Apache - App Sandbox - ATS - Certificate Trust Policy - CFNetwork Cookies - CoreAnimation - Date...
Apple Mac OS X and QuickTime multiple security vulnerabilities
Multiple vulnerabilities in kernel, networking components, printing services, AFP Server, AppKit, Apple Type Services, CFNetwork, CoreGraphics, CoreText, Directory Services, diskdevcmds, Disk Images, Image Capture, ImageIO, Image RAW, Password Server, QuickLook, QuickTime, Safari RSS, Time Machin...
CVE-2013-5167
CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users via Set-Cookie HTTP headers...
Design/Logic Flaw
CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users via Set-Cookie HTTP headers...
CVE-2013-5167
CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users via Set-Cookie HTTP headers...
CVE-2013-5167
CVE-2013-5167 concerns CFNetwork in Apple Mac OS X pre-10.9 where Safari’s deletion of session cookies is not properly handled during a reset, enabling remote servers to track users via Set-Cookie headers. Affected: CFNetwork on macOS before 10.9. Root cause: improper cookie deletion handling in ...
Mac OS X 10.x < 10.9 Multiple Vulnerabilities (BEAST)
The remote host is running a version of Mac OS X 10.x that is prior to version 10.9. The newer version contains multiple security-related fixes for the following components : - Application Firewall - App Sandbox - Bluetooth - CFNetwork - CFNetwork SSL - Console - CoreGraphics - curl - dyld -...
APPLE-SA-2013-06-04-1 OS X Mountain Lion v10.8.4 and Security Update 2013-002
APPLE-SA-2013-06-04-1 OS X Mountain Lion v10.8.4 and Security Update 2013-002 OS X Mountain Lion v10.8.4 and Security Update 2013-002 is now available and addresses the following: CFNetwork Available for: OS X Mountain Lion v10.8 to v10.8.3 Impact: An...
CVE-2013-0982
The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation...
Authentication flaw
The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation...