CVE-2012-0641Improper Input Validation in Apple Iphone OS

CWE-20Improper Input Validation2 documents2 sources
Severity
5.0MEDIUMNVD
EPSS
0.6%
top 31.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Iphone OS
Timeline
PublishedMar 8
Latest updateMay 14

Description

CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vulnerability than CVE-2011-3447.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDapple/iphone_os< 5.1

🔴Vulnerability Details

1
GHSA
GHSA-2372-vqj2-qq6j: CFNetwork in Apple iOS before 52022-05-14
CVE-2012-0641 — Improper Input Validation in Apple | cvebase