CVE-2015-1089 — Sensitive Information Exposure in Apple Iphone OS

CWE-200 — Sensitive Information Exposure5 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.5%

top 34.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple MAC OS X Apple IOS +1 more

Timeline

PublishedApr 10

Latest updateMay 17

Description

CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶NVDapple/mac_os_x10.10.2

▶NVDapple/iphone_os8.2

▶Appleapple/ios8.3

▶Appleapple/os_x_yosemite_v10.10.3_and_security_update_2015-004

🔴Vulnerability Details

GHSA

GHSA-v8c7-r83c-4vvm: CFNetwork in Apple iOS before 8↗2022-05-17

▶

📋Vendor Advisories

Apple

CVE-2015-1089: OS X Yosemite v10.10.3 and Security Update 2015-004↗

▶

Apple

CVE-2015-1089: iOS 8.3↗

▶

💬Community

Bugzilla

CVE-2015-5351 tomcat: CSRF token leak↗2016-02-23

▶