CVE-2015-5841
18.09.2015, 10:59
The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.
Vendor | Product | Version |
---|---|---|
apple | mac_os_x | 𝑥 ≤ 10.10.5 |
apple | iphone_os | 𝑥 ≤ 8.4.1 |
apple | watchos | 1.0 |
𝑥
= Vulnerable software versions
References