CVE-2016-1786
Published: Mar 24, 2016
Modified: Aug 5, 2024
PUBLISHED
Description
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted web site.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| APPLE-SA-2016-03-21-6 | vendor-advisory, x_refsource_APPLE |
| 1035353 | vdb-entry, x_refsource_SECTRACK |
| APPLE-SA-2016-03-21-1 | vendor-advisory, x_refsource_APPLE |
| 20160331 WebKitGTK+ Security Advisory WSA-2016-0003 | mailing-list, x_refsource_BUGTRAQ |
| https://support.apple.com/HT206171 | x_refsource_CONFIRM |
| https://support.apple.com/HT206166 | x_refsource_CONFIRM |