CFNetwork in Apple iOS prior to 7.1.1, Apple OS X up to and including 10.9.2, and Apple TV prior to 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote malicious users to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction.
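
The flaw described above, shown as an added illustration (this is not Apple's CFNetwork code; the function names and the sample response are constructed for the example). A parser that interprets a cut-off `Set-Cookie` line silently loses the `HttpOnly` attribute, while one that waits for the blank line ending the header block rejects the truncated response.

```python
# Added illustration; all names here are hypothetical, not CFNetwork APIs.

class IncompleteHeaders(Exception):
    """The connection ended before the header block was complete."""

def _cookie_from_value(value):
    # Parse one Set-Cookie value of the form "name=value; Attr; Attr=val".
    parts = [p.strip() for p in value.split(";")]
    name, _, val = parts[0].partition("=")
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return {"name": name, "value": val,
            "httponly": "httponly" in attrs, "secure": "secure" in attrs}

def parse_cookies_lenient(raw):
    """Flawed pattern: interprets whatever bytes arrived, even a cut-off line."""
    cookies = []
    for line in raw.decode("latin-1").split("\r\n")[1:]:  # skip status line
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == "set-cookie":
            cookies.append(_cookie_from_value(value.strip()))
    return cookies

def parse_cookies_strict(raw):
    """Hardened pattern: interpret headers only once the blank line that
    terminates the header block (CRLF CRLF) has been received."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise IncompleteHeaders("connection closed before end of header block")
    return parse_cookies_lenient(head)

# Constructed sample response and the same bytes cut off mid-header.
FULL = (b"HTTP/1.1 200 OK\r\n"
        b"Set-Cookie: sid=abc123; Path=/; HttpOnly\r\n"
        b"Content-Length: 0\r\n\r\n")
TRUNCATED = FULL[:FULL.index(b"; HttpOnly")]

if __name__ == "__main__":
    print("lenient, full     :", parse_cookies_lenient(FULL))
    print("lenient, truncated:", parse_cookies_lenient(TRUNCATED))
    try:
        parse_cookies_strict(TRUNCATED)
    except IncompleteHeaders as exc:
        print("strict, truncated : rejected,", exc)
```
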
Vulnerable Product |
---|
apple iphone os 7.0.2 |
apple iphone os 7.0.3 |
apple iphone os 7.0.4 |
apple iphone os 7.0.5 |
apple iphone os 7.0.1 |
apple iphone os 7.0.6 |
apple iphone os 7.0 |
apple iphone os |
apple mac os x 10.8.2 |
apple mac os x 10.8.3 |
apple mac os x 10.8.4 |
apple mac os x 10.8.5 |
apple mac os x 10.8.1 |
apple mac os x 10.8.0 |
apple mac os x |
apple mac os x 10.9 |
apple mac os x 10.9.1 |
apple mac os x server 10.7.0 |
apple mac os x server 10.7.1 |
apple mac os x 10.7.0 |
apple mac os x 10.7.1 |
apple mac os x 10.7.2 |
apple mac os x 10.7.3 |
apple mac os x server 10.7.3 |
apple mac os x server 10.7.5 |
apple mac os x 10.7.4 |
apple mac os x server 10.7.2 |
apple mac os x server 10.7.4 |
apple mac os x 10.7.5 |
apple tvos 6.0.2 |
apple tvos |
apple tvos 6.0.1 |
apple tvos 6.0 |