CVE-2014-1296
published 2014-04-23CVE-2014-1296: CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before…
medium4.3CVSS 3.1
AVNACMAuNCPINAN
CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction.
Affected
33 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | iphone_os | <= 7.1 | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | mac_os_x | <= 10.9.2 | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |