CVE-2009-0144

CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections...

CVE-2009-0157

Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service application crash via long HTTP headers...

CVE-2009-0144

CVE-2009-0144 concerns CFNetwork in Apple Mac OS X 10.5.x (before 10.5.7). The issue arises from improper parsing of noncompliant Set-Cookie headers, which may cause certain cookies (including sensitive ones) to be sent over unencrypted HTTP connections. Affected: Mac OS X 10.5 through 10.5.6 (se...

Mac OS X 10.5.x < 10.5.7 Multiple Vulnerabilities

The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.7. Mac OS X 10.5.7 contains security fixes for the following products : - Apache - ATS - BIND - CFNetwork - CoreGraphics - Cscope - CUPS - Disk Images - enscript - Flash Player plug-in - Help Viewer - iChat -...

Mac OS X Multiple Vulnerabilities (Security Update 2009-001)

The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2009-001 applied. This security update contains fixes for the following products : - AFP Server - Apple Pixlet Video - CarbonCore - CFNetwork - Certificate Assistant - ClamAV - CoreText - CUPS - DS...

Design/Logic Flaw

CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information Subject data from personally identifiable certificates, and use arbitrary certificates...

CVE-2008-1580

CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information Subject data from personally identifiable certificates, and use arbitrary certificates...

CVE-2008-1580

Technical details for CVE-2008-1580 are not publicly provided in the supplied documents; monitor for updates.

Design/Logic Flaw

CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error...

CVE-2008-0050

CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error...

CVE-2008-0050

CVE-2008-0050 : The issue affects CFNetwork in Apple Mac OS X 10.4.11. A remote HTTPS proxy server can spoof secure websites by embedding data in a 502 Bad Gateway response, potentially misleading users about the authenticity of the site. The available description states the vulnerability and its...

CVE-2008-0050

CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error...

Apple Mac OS X v10.5.1 2007-009 Multiple Security Vulnerabilities

CVE-2007-4708 CVE-2007-4709 CVE-2007-4710 CVE-2007-5847 CVE-2007-5848 CVE-2007-5849 CVE-2007-5850 CVE-2007-5851 CVE-2007-5853 CVE-2007-5854 CVE-2007-5855 CVE-2007-5856 CVE-2007-5857 CVE-2007-5859 CVE-2007-5876 CVE-2007-5860 CVE-2007-5861 These issues affect Mac OS X and various applications,...

Directory traversal

Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response...

CVE-2007-4709

Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response...

CVE-2007-4709

CVE-2007-4709 affects Apple Mac OS X 10.5.1 CFNetwork. The vulnerability is a directory traversal in CFNetwork that allows remote attackers to overwrite arbitrary files via a crafted HTTP response. The OpenVAS entries associate this with Mac OS X Security Update 2007-009; impact includes potentia...

CVE-2007-4709

Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response...

Apple CFNetwork HTTP空指针引用拒绝服务漏洞

BUGTRAQ ID: 22249 CVECAN ID: CVE-2007-0464 Apple Mac OS X是苹果家族机器所使用的操作系统。 Mac OS X的CFNetwork处理畸形回应数据时存在漏洞，远程攻击者可能利用此漏洞导致客户端崩溃。 CFNetwork是一个Core Services框架，可提供解压网络协议所需的函数库。Mac OS X的CFNetwork没有正确地处理某些HTTP响应，CFNetConnectionWillEnqueueRequests函数可能会引用空指针。如果服务器向使用这个API的客户端发送了特制响应的话，就可以触发这个漏洞，导致拒绝服务的情况。...

Code injection

CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack...

CVE-2007-4679

CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands...