VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 23, 2014· Updated Jun 17, 2026

CVE-2014-1296

CVE-2014-1296

Description

CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction.

Affected products

37
  • Apple Inc./Iphone OS8 versions
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*range: <=7.1
    • cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*
  • Apple Inc./Mac OS X16 versions
    cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*+ 15 more
    • cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*range: <=10.9.2
    • cpe:2.3:o:apple:mac_os_x:10.7.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.7.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.7.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.7.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.7.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.7.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.8.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.8.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.8.5:supplemental_update:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*
  • Apple Inc./Mac OS X Server6 versions
    cpe:2.3:o:apple:mac_os_x_server:10.7.0:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:o:apple:mac_os_x_server:10.7.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.7.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.7.2:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.7.3:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.7.4:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:mac_os_x_server:10.7.5:*:*:*:*:*:*:*
  • Apple Inc./tvOS4 versions
    cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*range: <=6.1
    • cpe:2.3:o:apple:tvos:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:6.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:apple:tvos:6.0.2:*:*:*:*:*:*:*
  • Apple Inc./Apple TVllm-fuzzy
    Range: <6.1.1
  • Apple Inc./iOSllm-fuzzy
    Range: <7.1.1
  • Apple Inc./OS Xllm-fuzzy
    Range: <=10.9.2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.