Lucene search
HistoryOct 23, 2015 - 9:59 p.m.
CVE-2015-7023
cve-2015-7023
cfnetwork
apple ios
os x
cookie parsing
remote servers
security vulnerability
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
8.1 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
69.9%
CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors.
Affected configurations
Node
applemac_os_xRange≤10.11.0
Node
appleiphone_osRange≤9.0.2
| CPE | Name | Operator | Version |
|---|---|---|---|
| apple:mac_os_x | apple mac os x | le | 10.11.0 |
Related
cvelist
cvelist
CVE-2015-7023
2015-10-23 21:00:00
nvd
nvd
CVE-2015-7023
2015-10-23 21:59:55
prion
prion
Code injection
2015-10-23 21:59:00
cert
cert
openvas
openvas
Apple Mac OS X Multiple Vulnerabilities-01 (Oct 2015)
2015-10-29 00:00:00
nessus
nessus
Mac OS X Multiple Vulnerabilities (Security Updates 2015-004 / 2015-007)
2015-11-10 00:00:00
Apple iOS < 9.1 Multiple Vulnerabilities
2015-10-23 00:00:00
Apple iOS < 9.1 Multiple Vulnerabilities
2016-05-26 00:00:00
securityvulns
securityvulns
APPLE-SA-2015-10-21-1 iOS 9.1
2015-10-25 00:00:00
APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007
2015-10-25 00:00:00
Apple iOS multiple security vulnerabilities
2015-10-25 00:00:00
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
8.1 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
69.9%
Related for CVE-2015-7023