CVE-2016-1801Sensitive Information Exposure in Apple Iphone OS

CWE-200Sensitive Information Exposure6 documents4 sources
Severity
7.5HIGHNVD
EPSS
7.7%
top 8.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Apple Iphone OSApple MAC OS XApple Tvos+2 more
Timeline
PublishedMay 20
Latest updateMay 14

Description

The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 mishandles URLs in http and https requests, which allows remote attackers to obtain sensitive information via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

NVDapple/tvos< 9.2.1
Appleapple/tvos9.2.1
NVDapple/mac_os_x< 10.11.5
NVDapple/iphone_os< 9.3.2
Appleapple/ios9.3.2

🔴Vulnerability Details

1
GHSA
GHSA-wc4r-2r4r-4q4j: The CFNetwork Proxies subsystem in Apple iOS before 92022-05-14

📋Vendor Advisories

3
Apple
CVE-2016-1801: iOS 9.3.2
Apple
CVE-2016-1801: tvOS 9.2.1
Apple
CVE-2016-1801: OS X El Capitan v10.11.5 and Security Update 2016-003

💬Community

1
Bugzilla
Proxy Auto-Config SSL/TLS Url Disclosure2016-03-10