CVE-2011-3246Sensitive Information Exposure in Apple Iphone OS

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.9%
top 24.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apple Iphone OSApple MAC OS XApple MAC OS X Server
Timeline
PublishedOct 14
Latest updateMay 17

Description

CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

NVDapple/mac_os_x10.7.0, 10.7.1+1
NVDapple/iphone_os19 versions+18
NVDapple/mac_os_x_server10.7.0, 10.7.1+1

🔴Vulnerability Details

2
GHSA
GHSA-489p-j5ww-8jr3: CFNetwork in Apple iOS before 52022-05-17
CVEList
CVE-2011-3246: CFNetwork in Apple iOS before 52011-10-14
CVE-2011-3246 — Sensitive Information Exposure in Apple | cvebase