Information Security


Security vulnerabilities in iTunes
Published: May 29, 2014
Source:
SecurityVulns ID: 13794
Type: local
Severity: 5/10
Description: Incorrect handling of HTTP headers, weak permissions.
Affected products: APPLE : iTunes 11.2
CVE: CVE-2014-1347 (Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations.)
 CVE-2014-1296 (CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction.)
Original text: APPLE, APPLE-SA-2014-05-16-1 iTunes 11.2.1 (29.05.2014)
 APPLE, APPLE-SA-2014-05-15-2 iTunes 11.2 (29.05.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod