Total vulnerabilities in the database
CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction.
| Software | From | Fixed in |
|---|---|---|
| apple / iphone_os | 7.0.4 | 7.0.4.x |
| apple / iphone_os | - | 7.1.x |
| apple / iphone_os | 7.0.5 | 7.0.5.x |
| apple / iphone_os | 7.0.6 | 7.0.6.x |
| apple / iphone_os | 7.0.1 | 7.0.1.x |
| apple / iphone_os | 7.0.2 | 7.0.2.x |
| apple / iphone_os | 7.0 | 7.0.x |
| apple / iphone_os | 7.0.3 | 7.0.3.x |
| apple / mac_os_x | 10.8.3 | 10.8.3.x |
| apple / mac_os_x | 10.8.5-supplemental_update | 10.8.5-supplemental_update.x |
| apple / mac_os_x | 10.8.4 | 10.8.4.x |
| apple / mac_os_x | 10.8.1 | 10.8.1.x |
| apple / mac_os_x | 10.8.0 | 10.8.0.x |
| apple / mac_os_x | 10.8.5 | 10.8.5.x |
| apple / mac_os_x | 10.8.2 | 10.8.2.x |
| apple / mac_os_x | 10.9 | 10.9.x |
| apple / mac_os_x | 10.9.1 | 10.9.1.x |
| apple / mac_os_x | - | 10.9.2.x |
| apple / mac_os_x_server | 10.7.3 | 10.7.3.x |
| apple / mac_os_x_server | 10.7.1 | 10.7.1.x |
| apple / mac_os_x_server | 10.7.5 | 10.7.5.x |
| apple / mac_os_x_server | 10.7.2 | 10.7.2.x |
| apple / mac_os_x | 10.7.2 | 10.7.2.x |
| apple / mac_os_x | 10.7.5 | 10.7.5.x |
| apple / mac_os_x | 10.7.3 | 10.7.3.x |
| apple / mac_os_x | 10.7.4 | 10.7.4.x |
| apple / mac_os_x_server | 10.7.0 | 10.7.0.x |
| apple / mac_os_x | 10.7.0 | 10.7.0.x |
| apple / mac_os_x_server | 10.7.4 | 10.7.4.x |
| apple / mac_os_x | 10.7.1 | 10.7.1.x |
| apple / tvos | 6.0 | 6.0.x |
| apple / tvos | 6.0.1 | 6.0.1.x |
| apple / tvos | 6.0.2 | 6.0.2.x |
| apple / tvos | - | 6.1.x |