Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2014-1296
Last Modified: 23 Apr 2014 01:36:27
Published: 23 Apr 2014 07:52:59
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2014-1296

Summary

CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction.

Vulnerable Systems

Operating System

  • Apple iPhone OS 7.0

  • Apple iPhone OS 7.0.1

  • Apple iPhone OS 7.0.2

  • Apple iPhone OS 7.0.3

  • Apple iPhone OS 7.0.4

  • Apple iPhone OS 7.0.5

  • Apple iPhone OS 7.0.6

  • Apple iPhone OS 7.1

  • Apple Mac OS X 10.7.0

  • Apple Mac OS X 10.7.1

  • Apple Mac OS X 10.7.2

  • Apple Mac OS X 10.7.3

  • Apple Mac OS X 10.7.4

  • Apple Mac OS X 10.7.5

  • Apple Mac OS X 10.8.0

  • Apple Mac OS X 10.8.1

  • Apple Mac OS X 10.8.2

  • Apple Mac OS X 10.8.3

  • Apple Mac OS X 10.8.4

  • Apple Mac OS X 10.8.5

  • Apple Mac OS X 10.9

  • Apple Mac OS X 10.9.1

  • Apple Mac OS X 10.9.2

  • Apple Mac OS X Server 10.7.0

  • Apple Mac OS X Server 10.7.1

  • Apple Mac OS X Server 10.7.2

  • Apple Mac OS X Server 10.7.3

  • Apple Mac OS X Server 10.7.4

  • Apple Mac OS X Server 10.7.5

Application

  • Apple TV 6.0

  • Apple TV 6.0.1

  • Apple TV 6.0.2

  • Apple TV 6.1


References

APPLE - APPLE-SA-2014-04-22-2

APPLE - APPLE-SA-2014-04-22-3

APPLE - APPLE-SA-2014-04-22-1

Related Patches

Apple 2014-05-15 Mac OS X 10.9.3 Update

Apple 2014-05-15 Mac OS X 10.9.3 Combo Update

Apple 2014-04-22 Security Update 2014-002 (Lion)

Apple 2014-04-22 Security Update 2014-002 Server (Lion)

Apple 2014-04-22 Security Update 2014-002 (Mavericks)

Apple 2014-04-22 Security Update 2014-002 (Mountain Lion)

Apple iTunes 11.2 for Windows (Update) (All Languages) (See Notes)


Last Updated: 27 May 2016 11:05:04