Back to search
CVE-2014-1296
Published: Apr 23, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
APPLE-SA-2014-04-22-1
vendor-advisory
x_refsource_APPLE
APPLE-SA-2014-04-22-2
vendor-advisory
x_refsource_APPLE
APPLE-SA-2014-04-22-3
vendor-advisory
x_refsource_APPLE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now